In what’s being touted as potentially one of the biggest attacks on iPhone users ever, Google has revealed that a collection of websites were hacked to deliver malware onto iPhones, with the iOS vulnerabilities involved going unchecked and undiscovered for years — as well as subsequent attacks.
The hacks installed zero-interaction malware into unnamed sites that received thousands of visitors every week. Simply visiting the sites, without clicking or scrolling at all, could deliver a monitoring implant onto users’ iPhones.
Google demonstrated that the implant could “steal private data like iMessages, photos and GPS location in real-time”; it also had access to users’ keychains and password data, as well as database files containing plaintext of messages sent and received in messaging apps such as Google Hangouts, and even specifically end-to-end encrypted apps including WhatsApp, iMessage, and Telegram. Read more…
Proactive Computing found this story and shared it with you.