Google’s Project Zero security researchers recently discovered a number of hacked websites that inserted malware onto people’s iPhone for years, if they visited one of these sites. Once users have entered the site the hackers will be able to target their personal data including Photos, messages and location. The security researchers had reported this vulnerability to Apple earlier this year and they had patched the issue with an update.
"There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant," Project Zero's Ian Beer wrote in a blog.
Apple being considered as the epitome of security rarely has such issues and often believed to be one of the few highly secured devices. There are several bug bounty programs initiated by Apple offering security researchers up to $1 million who can find potential vulnerabilities on its devices.
The attack was described as indiscriminate because hackers usually target a single person by sending them links privately. But in this scenario anyone who has ever visited the website were targeted and monitored. Security researchers reported that the site received more than thousand visitors per week.
"The very nature of iOS, intended to keep devices secure, may have worked against us in this case by preventing the attack from being discovered,” Thomas Reed, director of Mac and mobile security responded.
It is known that iOS doesn’t allow for malware scans and this was an added advantage to the hackers and may have led to such a late discovery of this vulnerability. But reports point out that the issue has lasted more than two years.
Israeli Government Signs $1 billion Cloud Services Deal with AWS, Google
FMCG Major CavinKare Launches My Cavin’s
More Privacy Choices for Indian Google Pay Users Soon
Eros Now’s Data Science team will now leverage Google Cloud to automate subtitling for movies and other content
HCL Expands its Strategic Partnership with Google Cloud
© 2021 CIO Bulletin. All rights reserved.