Advertisement

Updated August 30th, 2019 at 13:10 IST

Google claims iPhones were hackable for years due to software flaws

Google security esearchers revealed that malicious websites could compromise the security of a victim's iPhone for years due to security flaws in Apple software

Reported by: Tech Desk
iPhone
| Image:self
Advertisement

Security researchers at Google's Project Zero claimed that they have come across several malicious websites. Researchers revealed that those websites could compromise the security of a victim's iPhone. When visited, those malicious websites could manage to hack into the iPhone. The hack could be possible by exploiting previously hidden security loopholes in iOS. In their blog post, Google Project Zero team said that the company's Threat Analysis Group (TAG) found out a bunch of compromised websites. Security researchers at Google collected five iPhone exploit chains between iOS 10 and iOS 12. It was an indication that a group of hackers could be targetting select iPhone users for two years or so.

Security flaws in iOS

READ | Cracked iPhone screen? You are going to have more places to fix it now

"The hacked sites were being used in indiscriminate watering hole attacks against their visitors, using iPhone 0-day. There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week," said Ian Beer, Project Zero. "I’ll investigate what I assess to be the root causes of the vulnerabilities and discuss some insights we can gain into Apple's software development lifecycle. The root causes I highlight here are not novel and are often overlooked: we'll see cases of code which seems to have never worked, code that likely skipped QA or likely had little testing or review before being shipped to users," Beer added.

READ | Apple will launch the iPhone 11 on September 10

Google said that it reported these issues to Apple with a 7-day deadline

Google discovered 14 vulnerabilities across 5 exploit chains. They were further divided into groups as follows: 7 for web browser, 5 for kernel and 2 separate sandbox escapes. Google's Initial analysis indicated that at least one of the exploit chains was unpatched at the time of discovery. Google said that it reported these issues to Apple with a 7-day deadline on 1st February 2019, resulting in the out-of-band release of iOS 12.1.4 on 7 Feb 2019. Google further said that it also shared the complete details with Apple, which were disclosed publicly on 7th February 2019. For more information, you can check Google's detailed blog post.

(Story picture: AP)

Advertisement

Published August 30th, 2019 at 12:59 IST

Your Voice. Now Direct.

Send us your views, we’ll publish them. This section is moderated.

Advertisement
Advertisement

Trending Quicks

Lok Sabha Elections 2024
a few seconds ago
Hacker
a few seconds ago
Game Changer
4 minutes ago
chain snatching
9 minutes ago
Shahjahan Sheikh in CBI Custody: First Visual Emerges | WATCH
11 minutes ago
UP: Father-Son Die After Being Hit By Vehicle During Morning Walk
11 minutes ago
Heinrich Klassen's daughter
12 minutes ago
Arvind Kejriwal
16 minutes ago
Delhi Finance Minister Saurabh Bharadwaj
22 minutes ago
Advertisement
Advertisement
Advertisement
Whatsapp logo