Why does Google keep finding critical iPhone flaws?
Bug-hunting Project Zero team says latest software exploit exposed users’ ‘deepest secrets’

Security researchers at Google have discovered a major security flaw in Apple’s iPhone range that resulted in sustained indiscriminate attacks over a period of at least two years.
Researchers at the search giant’s Project Zero team - a division that hunts for software bugs to prevent cybercriminals from exploiting them - discovered a hacking operation in January that targeted “thousands of users a week”, The Guardian reports.
The attackers used a small collection of hacked websites to deploy malware onto the iPhones of visitors. Once a device had been hacked, the victim’s “deepest secrets were exposed”, including their location, password keychain and chat histories, says the newspaper.
“Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” said Ian Beer, a cybersecurity expert at Project Zero, in a blogpost.
Google says it reported the security issues to Apple on 1 February. Apple then released an operating system update which fixed the flaws on 7 February.
All the same, this is by no means the first time that Google has discovered an iPhone flaw.
Last month, the Project Zero team revealed six fundamental flaws related to the Messages app on iOS 12. The issues, which have now been fixed, exposed a user’s data if they were sent a text message containing a certain piece of bugged code.
What happened this time?
According to Vice, some of the newly discovered attacks made use of so-called zero day exploits. These take advantage of security flaws of which the device maker, in this case Apple, is unaware and therefore has “zero days” to fix.
Project Zero discovered “five distinct iPhone exploit chains” based on 14 different vulnerabilities affecting devices running iOS 10, 11 and 12 operating systems, the news site says.
Users were exposed to an attack by simply visiting one of the bugged websites.
When the user’s device was compromised, hackers would implant a piece of malware that could “access an enormous amount of data”, the BBC reports. Information was then sent back to an external server “every 60 seconds”.
The “implant” could also “scoop up data” from non-Apple apps if they were open at the time of the attack, the broadcaster notes. So if a user had Instagram, WhatsApp or Telegram open, for example, their data may have been exposed.
The attacks were not “persistent”, meaning that users would no longer be vulnerable to being hacked if they turned off their device, Vice says.
But Beer warns that “the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device”.
Why does Google keep finding flaws in Apple’s iPhones?
Google’s Project Zero, a team of “white-hat hackers”, is tasked with finding security vulnerabilities in all manner of hi-tech devices, “no matter who it is produced by”, The Guardian says.
As well as Apple’s products, the division has also poked holes in Microsoft’s Windows operating system and Google’s own mobile operating system Android.
However, while the division’s goal is to alert tech firms across the board about security vulnerabilities in order to protect users from cyberattacks, Project Zero has come under fire for its “hard-line” approach.
Firms have 90 days to fix the problem, after which the division will publish details of the security flaw “whether or not the bug has been fixed in that time”, the newspaper reports.