Published 13:10 IST, August 30th 2019
Google claims iPhones were hackable for years due to software flaws
Google security esearchers revealed that malicious websites could compromise the security of a victim's iPhone for years due to security flaws in Apple software
Advertisement
Security researchers at Google's Project Zero claimed that y have come across several malicious websites. Researchers revealed that those websites could compromise security of a victim's iPhone. When visited, those malicious websites could man to hack into iPhone. hack could be possible by exploiting previously hidden security loopholes in iOS. In ir blog post, Google Project Zero team said that company's Threat Analysis Group (TAG) found out a bunch of compromised websites. Security researchers at Google collected five iPhone exploit chains between iOS 10 and iOS 12. It was an indication that a group of hackers could be targetting select iPhone users for two years or so.
Security flaws in iOS
Advertisement
" hacked sites were being used in indiscriminate watering hole attacks against ir visitors, using iPhone 0-day. re was target discrimination; simply visiting hacked site was eugh for exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that se sites receive thousands of visitors per week," said Ian Beer, Project Zero. "I’ll investigate what I assess to be root causes of vulnerabilities and discuss some insights we can gain into Apple's software development lifecycle. root causes I highlight here are t vel and are often overlooked: we'll see cases of code which seems to have never worked, code that likely skipped QA or likely had little testing or review before being shipped to users," Beer added.
Google said that it reported se issues to Apple with a 7-day deadline
Google discovered 14 vulnerabilities across 5 exploit chains. y were furr divided into groups as follows: 7 for web browser, 5 for kernel and 2 separate sandbox escapes. Google's Initial analysis indicated that at least one of exploit chains was unpatched at time of discovery. Google said that it reported se issues to Apple with a 7-day deadline on 1st February 2019, resulting in out-of-band release of iOS 12.1.4 on 7 Feb 2019. Google furr said that it also shared complete details with Apple, which were disclosed publicly on 7th February 2019. For more information, you can check Google's detailed blog post.
Advertisement
(Story picture: AP)
12:59 IST, August 30th 2019