Latest in Gear

Image credit: SIPA USA/PA Images

Google uncovers exploit-laden websites that stole data from iPhones

Visiting them was supposedly enough to compromise a device.
229 Shares
Share
Tweet
Share

Sponsored Links

SIPA USA/PA Images

A small collection of hacked websites targeted iPhones using zero-day attacks for at least a couple of years, Google's Project Zero team has revealed in a newly published report. The websites don't even need a user's input to infiltrate a device: just visiting them is enough to compromise an iPhone. In the case of a successful attack, an implant makes its way to the victim's device to steal sensitive data like photos and iMessages, as well as to update the attackers on its real-time GPS location.

Motherboard notes that the implant can also infiltrate a user's keychain and all the passwords in it, as well as the databases for other end-to-end encrypted messaging apps like Telegram and WhatsApp. The Project Zero team discovered a total of fourteen vulnerabilities affecting iPhones running on iOS 10 up to iOS 12.1.2.

A zero day exploit makes use of a vulnerability not known to the software/hardware-maker beforehand, so users have no means to be protected from attacks. The good news is that the malware the websites use disappears whenever an infected iPhone gets rebooted. Google highlighted the issues with Apple on February 1st, prompting a bunch of hotfixes in the iOS 12.1.4 update released on February 7th.

Update: We clarified the iOS versions affected and the version that rolled out with a fix.

In this article: apple, exploit, gear, google, mobile, security
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
229 Shares
Share
Tweet
Share

Popular on Engadget

Master & Dynamic's MW07 Plus are much-improved true wireless earbuds

Master & Dynamic's MW07 Plus are much-improved true wireless earbuds

View
Master & Dynamic's MW07 Go is a $199 AirPod alternative

Master & Dynamic's MW07 Go is a $199 AirPod alternative

View
California's statewide earthquake alert system launches Thursday

California's statewide earthquake alert system launches Thursday

View
Skydio's station lets self-flying drones work around the clock

Skydio's station lets self-flying drones work around the clock

View
‘Harry Potter: Wizards Unite’ gathered location data while users slept

‘Harry Potter: Wizards Unite’ gathered location data while users slept

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr