Google researcher details sustained, indiscriminate iPhone malware attack spread via hacked websites


For at least two years, hackers used compromised websites to install malware on iPhones that could gather and upload a user's photos, contacts, and other data, Google cybersecurity researcher Ian Beer explained in a blog post Thursday evening. "There was no target discrimination: Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, to install a monitoring implant." The exploits were discovered "in the wild," Beer said, meaning they were being used by real cybercriminals in the real world.
The hackers were able to attack "almost every version from iOS 10 through to the latest version of iOS 12," Beer said, though Apple patched the vulnerability in February after Beer and his associates at Google's Project Zero alerted the company to it. "This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years." He did not speculate as to who was behind the attack or which groups it targeted, and he didn't name the hacked websites, saying only they were visited thousands of times a week. Apple told BBC News it did not wish to comment on Beer's post.
iPhone users should download the latest updates for their devices, but "the reality remains that security protections will never eliminate the risk of attack if you're being targeted," Beer writes. "All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them."
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
Peter has worked as a news and culture writer and editor at The Week since the site's launch in 2008. He covers politics, world affairs, religion and cultural currents. His journalism career began as a copy editor at a financial newswire and has included editorial positions at The New York Times Magazine, Facts on File, and Oregon State University.
-
Today's political cartoons - May 4, 2025
Cartoons Sunday's cartoons - deportation, Canadian politeness, and more
-
5 low approval cartoons about poll numbers
Cartoons Artists take on fake pollsters, shared disapproval, and more
-
Deepfakes and impostors: the brave new world of AI jobseeking
In The Spotlight More than 80% of large companies use AI in their hiring process, but increasingly job candidates are getting in on the act
-
Trump calls Amazon's Bezos over tariff display
Speed Read The president was not happy with reports that Amazon would list the added cost from tariffs alongside product prices
-
Markets notch worst quarter in years as new tariffs loom
Speed Read The S&P 500 is on track for its worst month since 2022 as investors brace for Trump's tariffs
-
Tesla Cybertrucks recalled over dislodging panels
Speed Read Almost every Cybertruck in the US has been recalled over a stainless steel panel that could fall off
-
Crafting emporium Joann is going out of business
Speed Read The 82-year-old fabric and crafts store will be closing all 800 of its stores
-
Trump's China tariffs start after Canada, Mexico pauses
Speed Read The president paused his tariffs on America's closest neighbors after speaking to their leaders, but his import tax on Chinese goods has taken effect
-
Chinese AI chatbot's rise slams US tech stocks
Speed Read The sudden popularity of a new AI chatbot from Chinese startup DeepSeek has sent U.S. tech stocks tumbling
-
US port strike averted with tentative labor deal
Speed Read The strike could have shut down major ports from Texas to Maine
-
Biden expected to block Japanese bid for US Steel
Speed Read The president is blocking the $14 billion acquisition of U.S. Steel by Japan's Nippon Steel, citing national security concerns