Google Outlines iPhone Vulnerabilities That Let Malicious Websites Steal User Data for Years, Now Fixed

by

Google's Project Zero published a blog post this week about a previous security threat wherein malicious websites quietly hacked into the victim's iPhone. This small collection of hacked websites were used in what was described as "indiscriminate" attacks against unsuspecting visitors for years, but the threat has been addressed by Apple.

iphonexrxsmax
If the attacks were successful, a monitoring implant would be installed on the targeted ‌iPhone‌, able to steal private data including messages, photos, and GPS location in real time. Google estimated that thousands of visitors headed to these websites per week over the course of two years, and that iOS versions ranging from iOS 10 to iOS 12 were exploited.

There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.

TAG was able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12. This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years.

Project Zero discovered exploits for a total of 14 vulnerabilities in iOS, seven for Safari, five for the kernel, and two separate sandbox escapes. The team reported these findings to Apple in February, and Apple's release of iOS 12.1.4 that same month addressed the issues.

Google's deep dive into the iOS exploit can be read on the company's Project Zero blog.

Tags: Google, Project Zero

Popular Stories

iphone 16 display

iPhone 17's Scratch Resistant Anti-Reflective Display Coating Canceled

Monday April 28, 2025 12:48 pm PDT by
Apple may have canceled the super scratch resistant anti-reflective display coating that it planned to use for the iPhone 17 Pro models, according to a source with reliable information that spoke to MacRumors. Last spring, Weibo leaker Instant Digital suggested Apple was working on a new anti-reflective display layer that was more scratch resistant than the Ceramic Shield. We haven't heard...
Read Full Article113 comments
iPhone 17 Air Pastel Feature

iPhone 17 Reaches Key Milestone Ahead of Mass Production

Monday April 28, 2025 8:44 am PDT by
Apple has completed Engineering Validation Testing (EVT) for at least one iPhone 17 model, according to a paywalled preview of an upcoming DigiTimes report. iPhone 17 Air mockup based on rumored design The EVT stage involves Apple testing iPhone 17 prototypes to ensure the hardware works as expected. There are still DVT (Design Validation Test) and PVT (Production Validation Test) stages to...
Read Full Article27 comments
Beyond iPhone 13 Better Blue

20th Anniversary iPhone Likely to Be Made in China Due to 'Extraordinarily Complex' Design

Monday April 28, 2025 4:29 am PDT by
Apple will likely manufacture its 20th anniversary iPhone models in China, despite broader efforts to shift production to India, according to Bloomberg's Mark Gurman. In 2027, Apple is planning a "major shake-up" for the iPhone lineup to mark two decades since the original model launched. Gurman's previous reporting indicates the company will introduce a foldable iPhone alongside a "bold"...
Read Full Article123 comments
iphone 17 air iphone 16 pro

iPhone 17 Air USB-C Port May Have This Unusual Design Quirk

Wednesday April 30, 2025 3:59 am PDT by
Apple is preparing to launch a dramatically thinner iPhone this September, and if recent leaks are anything to go by, the so-called iPhone 17 Air could boast one of the most radical design shifts in recent years. iPhone 17 Air dummy model alongside iPhone 16 Pro (credit: AppleTrack) At just 5.5mm thick (excluding a slightly raised camera bump), the 6.6-inch iPhone 17 Air is expected to become ...
Read Full Article140 comments
apple watch ultra yellow

What's Next for the Apple Watch Ultra 3 and Apple Watch SE 3

Friday April 25, 2025 2:44 pm PDT by
This week marks the 10th anniversary of the Apple Watch, which launched on April 24, 2015. Yesterday, we recapped features rumored for the Apple Watch Series 11, but since 2015, the Apple Watch has also branched out into the Apple Watch Ultra and the Apple Watch SE, so we thought we'd take a look at what's next for those product lines, too. 2025 Apple Watch Ultra 3 Apple didn't update the...
Read Full Article65 comments
iPhone 17 Pro Blue Feature Tighter Crop

iPhone 17 Pro Launching Later This Year With These 13 New Features

Wednesday April 23, 2025 8:31 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models as of April 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone ...
Read Full Article
iPhone 17 Pro on Desk Feature

All iPhone 17 Models Again Rumored to Feature 12GB of RAM

Tuesday April 29, 2025 3:36 am PDT by
All upcoming iPhone 17 models will come equipped with 12GB of RAM to support Apple Intelligence, according to the Weibo-based leaker Digital Chat Station. The claim from the Chinese leaker, who has sources within Apple's supply chain, comes a few days after industry analyst Ming-Chi Kuo said that the iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max will all be equipped with 12GB of RAM. ...
Read Full Article83 comments
AirPods Pro 3 Mock Feature

AirPods Pro 3 Just Months Away – Here's What We Know

Tuesday April 29, 2025 1:30 am PDT by
Despite being more than two years old, Apple's AirPods Pro 2 still dominate the premium wireless‑earbud space, thanks to a potent mix of top‑tier audio, class‑leading noise cancellation, and Apple's habit of delivering major new features through software updates. With AirPods Pro 3 widely expected to arrive in 2025, prospective buyers now face a familiar dilemma: snap up the proven...
Read Full Article102 comments

Top Rated Comments

noSpeed Avatar
noSpeed
74 months ago
So what were the malicious sites?
Score: 72 Votes (Like | Disagree)
Expos of 1969 Avatar
Expos of 1969
74 months ago
The defenders will soon be here trying to explain how Apple was not at fault and that the company is really trying to put privacy priority # 1 (ha...ha...ha).
Score: 29 Votes (Like | Disagree)
realtuner Avatar
realtuner
74 months ago
Stick that on a billboard
Sure. Along with the time Google discovered a security flaw in Safari and instead of notifying Apple so they could fix it they wrote malware to exploit it so they could keep tracking users.

So the moral of the story is: If Google can somehow embarrass Apple over an exploit they'll release information to the public. If they can use the exploit to their own advantage, they'll keep quiet about it.
Score: 23 Votes (Like | Disagree)
DCIFRTHS Avatar
DCIFRTHS
74 months ago
So what were the malicious sites?
Same question. Read the articles, and didn’t see them listed. Maybe I missed them... I feel google has the responsibility to disclose them.
Score: 18 Votes (Like | Disagree)
TheShadowKnows! Avatar
TheShadowKnows!
74 months ago
Kudos to Google's Project Zero in spades.
GOTO: https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html


"... we examined how the attackers gained unsandboxed code execution as root on iPhones. At the end of each chain we saw the attackers calling posix_spawn, passing the path to their implant binary which they dropped in /tmp. This starts the implant running in the background as root. There is no visual indicator on the device that the implant is running. There's no way for a user on iOS to view a process listing, so the implant binary makes no attempt to hide its execution from the system.

The implant is primarily focused on stealing files and uploading live location data. The implant requests commands from a command and control server every 60 seconds.

Before diving into the code let's take a look at some sample data from a test phone running the implant and communicating with a custom command and control server I developed. To be clear, I created this test specifically for the purposes of demonstrating what the implant enabled the attacker to do and the screenshots are from my device. The device here is an iPhone 8 running iOS 12.

The implant has access to all the database files (on the victim’s phone) used by popular end-to-end encryption apps like Whatsapp, Telegram and iMessage. We can see here screenshots of the apps on the left, and on the right the contents of the database files stolen by the implant which contain the unencrypted, plain-text of the messages sent and received using the apps..."
Score: 16 Votes (Like | Disagree)
realtuner Avatar
realtuner
74 months ago
Sounds like working as intended. Bugs found, reported and fixed in the same month.
This.

Going to quote it simply to counter the inevitable posts saying Apple somehow screwed up....blah....blah....blah.

First off, Apple didn't ignore this exploit for years. They simply didn't know about it. The only reason it went unnoticed for so long is because it wasn't widespread. Once an exploit becomes common it's usually discovered quickly. This is why zero-days are so valuable and often sold to governments or others who can afford to pay a couple million for an exploit. It's also why those same people only use the exploits on targets they consider valuable, because once it's out there it will be discovered and fixed.

Secondly, Apple dealt with it immediately. Google notified Apple on Feb 1st and Apple released a patch on Feb 7th. This is a perfect example of Apple having superior security to Android. Exploits will always exist. Being able to quickly roll out a fix for an exploit is one of the most important methods in dealing with them. Something Android is absolutely horrible at.
Score: 16 Votes (Like | Disagree)
Read All Comments