Google’s security researchers claim to have found an exploit which exposes iPhone users who visit malicious websites to hackers.
Earlier this year Google’s Threat Analysis Group (TAG) discovered a small collection of hacked websites. The hacked sites were being used in indiscriminate watering hole attacks against their visitors, using iPhone 0-day.
There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.
Working with TAG, we discovered exploits for a total of fourteen vulnerabilities across the five exploit chains: seven for the iPhone’s web browser, five for the kernel and two separate sandbox escapes
Project Zero’s Deep dive
The exploits could be used to access a users photos, messages, and tracking near real-time location.
Thankfully, Apple is said to have addressed the exploits in the iOS 12.1.4 update. If you have an iPhone 5s and iPad Air (or devices launched after) it might be a good idea to just update your iOS version if it wasn’t already to up to date.
Also read, WhatsApp Was Hacked: Users Urged To Update App To Avoid Being Hacked