Google researchers drop a bombshell: Targeted iPhone exploits from malicious websites dating back years

In Technology News by FL Computer Tech

A new report from Vice today details discoveries made by Google Project Zero researchers that “may be one of the largest attacks against iPhone users ever.” The basis of the attacks is a series of hacked websites, which were randomly distributing malware to iPhone users.

In a blog post, Project Zero’s Ian Beer explained that there was “no target discrimination” when it came to this series of attacks. Users could be impacted by simply visiting one of the hacked sites, which were said to be receiving thousands of views per week.

Google’s Threat Analysis Group detected a set of five separate and complete iPhone exploit chains affecting iOS 10 through all versions of iOS 12. “This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years,” Beer wrote.

Once a user visited one of the malicious websites and the malware was deployed, the implant “primarily focused on stealing files and uploading live location data,” as often as every 60 seconds. Because the end device itself had been compromised, services like iMessage were also affected.

“Working with TAG, we discovered exploits for a total of fourteen vulnerabilities across the five exploit chains: seven for the iPhone’s web browser, five for the kernel and two separate sandbox escapes. Initial analysis indicated that at least one of the privilege escalation chains was still 0-day and unpatched at the time of discovery.”

Beer says that Project Zero reported the issues to Apple with a 7-day deadline on February 1st, 2019 – and they were fixed in the release of iOS 12.1.4 on February 9th, 2019.

This chain of exploits is unique because many attacks are more targeted in scope, but this one affected anyone who happened to visit one of the infected websites.

“To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group. All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.”

The incredibly detailed analysis of iOS exploit chains found in the wild can be read on Google’s Project Zero blog. Here, Ian Beer goes into more detail about the security fixes Apple made in iOS 12.1.4, which included a fix for the FaceTime eavesdropping bug, as well as security issues discovered by the Project Zero team.


Michael Duff
