A cursory visit to a malicious website on your iPhone may infect it (in a zero-day attack), unless run on the latest iOS version, warns Google’s Threat Analysis Group blog written by Ian Beer, Project Zero.
Yes, as brief a 60-second suspect website visit can install a virulent monitoring implant or malware. Then, hackers will have a field day freely accessing your vital data and personal information sitting on the iPhone.
Decisive action witnessed by the malicious website infection on iPhone is to steal files and upload live location information.
The blog said, “TAG was able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12. This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years.”
It found a total of fourteen vulnerabilities across the five exploit chains: seven for the iPhone’s web browser, five for the kernel and two separate sandbox escapes.
Project Zero Finds Vulnerable Software & Provides Yoeman Service
TAG Team found that apart from few hacked websites, most used encrypted messaging apps like iMessage, WhatsApp, and Telegram, are prone to iPhone break-ins.
It pointed out that the malware implant does not remain active iPhone user reboots the device leading to complete deletion of the malware says the blog. It notes that a single break-in event may lead to a compromise of your valuable confidential information available on the iPhone.
On learning about the iOS vulnerabilities, TAG Team reported to Apple Officials with a 7-day deadline on February 1, 2019. As a result, on February 7, 2019, the out-of-band release of iOS 12.1.4 happened, and Apple announced its release on February 7, 2019.
Thus, all leading iPhone models, be it iPhone XR or the iPhone XS running iOS 12 or even those before these, must have iOS version updated at the earliest to escape the vulnerabilities explained above.
Google’s TAG Team working on this Project Zero is missioned to make zero-day hard and offer users value-added security solutions against malicious, hacker prone, and vulnerable softwares.
Since 2014, It has been laboring at finding, exploiting, and sorting out issues that plague the company offering proprietary software like Apple and Samsung, to name a couple. Commendable, shall we say?
Friends learning from all that we have put up so far, here’s a request. To ensure safe browsing and retaining personal data or information in a secured manner, use the latest iOS version without fail.
Wish you safe and happy browsing……