We have seen many cases in recent times of hacks and attacks taking place on a wide variety of devices across platforms. This is applicable not only to Windows and Android but it is also possible on iOS and macOS too.
However, there is still a common feeling that iOS is still more secure than Android. We now have one more instance where Google researchers have found a bug that was affecting iPhone users from years.
More specifically, we are talking about the Google Project Zero researchers who have revealed what is called “maybe one of the largest attacks against iPhone users ever”. Talking about the type of attack, hackers were using hacked websites to inject malware inside the iPhones.
Project Zero’s Ian Beer reveals that “no target discrimination” was done in this type of attacks. This basically means that anyone and everyone who visited those hacked websites were targeted.
It is also mentioned by Ian that the websites are estimated to be getting thousands of views every week. On that basis, we can estimate that the malware would be injected on thousands of iPhones every week.
Here is the statement from Google’s Project Zero researchers on the discovery:
Working with TAG, we discovered exploits for a total of fourteen vulnerabilities across the five exploit chains: seven for the iPhone’s web browser, five for the kernel and two separate sandbox escapes. Initial analysis indicated that at least one of the privilege escalation chains was still 0-day and unpatched at the time of discovery.
However, it is also worth mentioning that Apple was quick to fix all these bugs once they were found. Project Zero’s Beer says that Project Zero reported the issues to Apple with a 7-day deadline on February 1st, 2019. He mentions that they were fixed in the release of iOS 12.1.4 on February 9th, 2019.