Google Project Zero unveils: Websites infect iPhones

Security researchers from Google's Project Zero have discovered a previously unknown group of hackers who have been attacking iPhones via compromised websites for years. A visit to one of those sites was enough to run complex exploit chains against the Apple device and leave malicious code on it.


Earlier this year, Google's Threat Analysis Group (TAG) discovered a number of hacked websites. The hacked sites were used for indiscriminate attacks with 0-day exploits on visitors surfing to the site with an iPhone.

The security team has published this discovery in a blog post.

A visit to the hacked page infects the device

The hackers were not choosy in their choice of victims. A simple visit to the hacked website was enough for the exploit server to attack the iOS device being used. If it was successful, the cyber criminals installed a surveillance implant. The Google security team estimates that these sites have thousands of visitors per week and could infect them.

Five exploits, used for years

Google's TAG has detected five separate, complete and unique iPhone exploit chains that can attack almost every version from iOS 10 up to the latest version of iOS 12. This indicates that a hacker group has been making sustained efforts to hack iPhone users in certain communities for at least two years.


The exploits discovered are quite complex and are combined into chains that exploit vulnerabilities in Safari and in the kernel. In addition, there are several exploits to break out of sandboxes. After a successful attack, the hackers had complete control over what they could monitor and do on the iPhone. This allowed them to retrieve encrypted chats from WhatsApp and similar apps, as well as contacts, photos and other data. In principle, all data could be read from the iPhone.

The development of the exploits must have cost millions of US dollars, which fuels speculation about the originators. Apple then responded to Google's tip on February 7, 2019 with an unscheduled update to iOS 12.1.4. Details about the exploits can be found in Project Zero's blog post.
