Aug 30, 2019
iPhones have been vulnerable for years to malicious websites.
Google researchers found 14 vulnerabilities in Apple's smartphone. Malicious sites were visited thousands of times a week
All iPhones with iOS 10 or a later version of the operating system have been vulnerable for at least two years to attacks from malicious websites. At stake are several vulnerabilities discovered by a team of Google researchers that could run five attack chains - exploiting different bugs together - to steal sensitive data from smartphones.
While not revealing the name of the malicious sites, Google says that if an iPhone were to access that site, the attack would be immediately successful. The pages in question were visited thousands of times a week, according to information that was made public.
"There was no target discrimination: visiting the hacked sites was enough for the server to attack your device and, if successful, install a monitoring implant," said the technology. Google discovered the problem in February and Apple fixed the vulnerabilities within six days.
Of the flaws found, seven existed in the Safari browser, five in the operating system kernel, and the other two that could be exploited from a sandbox.
Malicious websites could steal information from smartphones and also the location of the device: something that happened every 60 seconds. The system that holds user passwords, as well as messaging application databases, was also at the mercy of hackers.
Despite the severity of the attacks, the threats were not persistent, meaning that once the user restarted the smartphone, the attacker would lose access to the device. But as Ian Beer of the Project Zero security team at Google points out, after the attacker extracted some data from the device, he could work that information to better target other attacks on the user.
According to Techcrunch, after being contacted, Apple declined to comment on the case.
The revelation from Google comes at a time when Apple's smartphone, considered to be the most robust in terms of security, has been associated with several vulnerabilities: for the first time in several years, it was once again possible to jailbreak the iPhone; and it was also revealed that a message was enough for a hacker to gain access to the device.