Bad News For Apple; Google Finds iPhones Being Attacked By Malicious Sites

Share
Listen to this article!
Voiced by Amazon Polly

Google security researchers have discovered several malicious websites, which if they visited, would effortlessly hack an iPhone of the victim by exploiting several earlier unrevealed software defects.


Project Zero by Google, which consists of a team of security analysts working to identify the 0-day vulnerabilities, claims that unsuspecting victims visited these sites thousands of times per week.

Ian Beer, a Project Zero safety researcher, says that a hacking site is sufficient to exploit the server and, if successful, to “install a monitoring implant.” These sites have been hacking iPhones for at least two years.

Project Zero researchers reported that five distinct exploit chains with 12 separate security vulnerabilities, including Safari, iPhone’s built-in web browser, were identified during this phase.

Ian Beer clarified that five distinct attack chains enabled an intruder to access the device root, allowing attackers to obtain access to the complete spectrum of features that usually do not allow the user to access the device.

It also implies that an attacker could install malicious applications without letting the iPhone owner know and spy on them to steal information. According to the Threat Analysis Group (TAG) of Google, these vulnerabilities were used to steal photos and messages from users as well as to track their immediate location and access bank details and passwords stored on their devices.

The assessment also showed that these failures impact iOS 10 to the present iOS 12 version of the software.

The study on these vulnerabilities was published in February, then Apple released a fix for iPhone 5s, iPad Air and later on with iOS 12.1.4.

“Given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device.”

Ian Beer, Project Zero

Apple is yet to respond to these developments.

Author

Anirudh Muley
Anirudh Muley
Anirudh is the Editor in Chief and Main Writer at Clickdotme. He does not like describing himself in the third-person and had a hard time coming up with these two sentences!
Advertisements

You may also like...

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: