iPhone users have found a vulnerability that was recently discovered by Google. The Mountain View giant’s Project Zero team announced it had found a large number of hacked pages that were being used by cybercriminals to attack iPhone users known for their high level of security.
According to the Google team, just visiting one of these addresses was enough for malicious servers to attack visitors’ iPhones.
The company’s Threat Analysis Group (TAG) has collected about five unique iPhone exploration chains that can cover all versions of iOS 10 through the latest iOS 12.
After attackers gained access to the device and installed a monitoring implant, they could access sensitive information such as photos, messages, location data, and other information.
Cybercriminals could also access users’ keys, ie passwords, and databases for end-to-end encrypted messaging apps such as WhatsApp and iMessage. Some of the attacks were made from zero-day exploits using vulnerabilities previously unknown to Apple.
Restarting the phone solves the problem, but even in the process attackers can still access user accounts and services via authentication tokens stolen from the user key. The vulnerabilities were fixed following Google’s complaint to Apple in February of this year.