Google says iPhone security flaws let websites hack them for years – CNET

Google found some malicious websites that could hack into people's iPhones.

Angela Lang/CNET

Google's Project Zero security researchers revealed that they found several hacked websites that slipped malware onto people's iPhones for years. If people visited one of the sites, their messages, photos and location data could be compromised. The team reported its findings to Apple earlier this year, and the vulnerability was patched in the same update that fixed the FaceTime eavesdropping bug.

"There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant," Project Zero's Ian Beer wrote in a Thursday blog post detailing the team's discovery. "We estimate that these sites receive thousands of visitors per week."

The team found 14 vulnerabilities across five separate exploit chains, running from iOS 10 to the current version of iOS 12, meaning the hackers targeted iPhone users over at least two years. The implant could access the device's keychain, which includes passwords, and database files used by end-to-end encrypted messaging apps like WhatsApp, Telegram and iMessage.

The implant was wiped if people rebooted their iPhones, but would return if they visited the hacked site again, the report noted.

Apple declined to comment, but make sure your iPhone is fully updated so this vulnerability can't affect you.

First published at 2:52 a.m. PT.
Updated at 3:38 a.m. PT: Notes that Apple declined comment and adds more detail.