For at least two years, hackers used compromised websites to install malware on iPhones that could gather and upload a user's photos, contacts, and other data, Google cybersecurity researcher Ian Beer explained in a blog post Thursday evening. "There was no target discrimination: Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, to install a monitoring implant." The exploits were discovered "in the wild," Beer said, meaning they were being used by real cybercriminals in the real world.
The hackers were able to attack "almost every version from iOS 10 through to the latest version of iOS 12," Beer said, though Apple patched the vulnerability in February after Beer and his associates at Google's Project Zero alerted the company to it. "This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years." He did not speculate as to who was behind the attack or which groups it targeted, and he didn't name the hacked websites, saying only they were visited thousands of times a week. Apple told BBC News it did not wish to comment on Beer's post.
iPhone users should download the latest updates for their devices, but "the reality remains that security protections will never eliminate the risk of attack if you're being targeted," Beer writes. "All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them."
The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
-
September 17 editorial cartoonsCartoons Wednesday’s political cartoons include a diet of outrage, toxic rhetoric, and tank treads on states' rights
-
The 9 restaurants to eat at this very momentThe Week Recommends They’re award-winning. Isn’t that reason enough?
-
The UK’s opioid crisis: why the stats don’t add upThe Explainer A new report has revealed that the UK’s total of opioid-related deaths could be much greater than official figures show
-
New York court tosses Trump's $500M fraud fineSpeed Read A divided appeals court threw out a hefty penalty against President Trump for fraudulently inflating his wealth
-
Trump said to seek government stake in IntelSpeed Read The president and Intel CEO Lip-Bu Tan reportedly discussed the proposal at a recent meeting
-
US to take 15% cut of AI chip sales to ChinaSpeed Read Nvidia and AMD will pay the Trump administration 15% of their revenue from selling artificial intelligence chips to China
-
NFL gets ESPN stake in deal with DisneySpeed Read The deal gives the NFL a 10% stake in Disney's ESPN sports empire and gives ESPN ownership of NFL Network
-
Samsung to make Tesla chips in $16.5B dealSpeed Read Tesla has signed a deal to get its next-generation chips from Samsung
-
FCC greenlights $8B Paramount-Skydance mergerSpeed Read The Federal Communications Commission will allow Paramount to merge with the Hollywood studio Skydance
-
Tesla reports plummeting profitsSpeed Read The company may soon face more problems with the expiration of federal electric vehicle tax credits
-
Dollar faces historic slump as stocks hit new highSpeed Read While stocks have recovered post-Trump tariffs, the dollar has weakened more than 10% this year
