A team of Google cybersecurity researchers investigating unknown computer-software vulnerabilities has found that iPhones users data was open to hacking for two years, tech news outlet TNW reported on August 30.
Project Zero uncovered an array of malicious websites that can hack iPhones by linking a series of smaller security flaws. It disclosed five previously undisclosed so-called “exploit chains.”
These chains leveraged 14 different weaknesses from iOS 10 to iOS 12. The attackers were able to target individuals by infecting websites they are known to visit and loading malware or malvertisements into their device.
Project Zero also found that malware implants could access iPhone’s keychains and data containers. This is particularly shocking as it would eliminate the viability of end-to-end encryption which messaging apps like WhatsApp trumpet up.
The team traditionally adheres to an austere 90-day disclosure period but came forward before this grace period with this revelation, perhaps indicating the extent of the vulnerability involved.
Project Zero researcher Ian Beer stated:
“All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.”