The security researcher team on the Project Zero at Google says that they have managed to discover many hacked websites which were able to make sure of the previously unknown security flaws in iPhone that allowed them to attack the phones that visited such websites. According to tech media, this is perhaps the largest of any cyberattack that has been carried out against the users of iPhone.
If an iPhone user visited such a malicious website while using a vulnerable iPhone, then they are at risk of having their private files, their messages, and also their real-time data location of getting compromised. Google reported these findings to Apple and the iPhone manufacturer stating patching up the vulnerabilities in their devices this year.
According to the information, the attack was allowing the websites to install a sort of an implant which had access to the keychain of the iPhone.
This would allow the hackers to have the access to almost any certificates or the credentials contained within the device and also to give them access to the databases for the secure messenger apps such as iMessage and Whatsapp.
Although these devices have the end-to-end encryption for transferring of messages, but if the end device suffers from this cyberattack, then the attacker had access to the other encrypted messages in the form of plain text.
The thing that made this attack more worrisome for Google and Apple, is that the majority of such attacks are targeted where individual links are sent to the target. However, in this case, any iPhone user who visited anyone of these malicious websites would get attacked by having an implant installed on their device. According to Google’s research team on this security flaw, these malicious websites were being visited each week with almost thousands of visitors.
According to researchers, they found a total of 14 security flaws across 5 different keychains for iPhones. iOS versions 10 to 12 were all compromised with these flaws and hackers have been trying to compromise devices for the past 2 years. The team contacted Apple about these security flaws back in February this year and gave then 7 days to patch this problem. This is an extremely short deadline for fixing security flaws as the normal deadline is 90 days. This just shows how much of a major security flaw this is.
Despite the previously discovered vulnerabilities getting patched p by Apple, researchers are of the view that there might still be more security flaws that are yet to be uncovered.