Threat actors may have hacked into thousands of iPhones via an “indiscriminate” attack involving a number of malicious websites, new research by Google shows. The websites were visited by thousands of users per week and according to Ian Beer of Google, “simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant.”
The campaign was active for at least two years and took advantage of 12 separate security flaws that could lead to device exploitation along five different attack chains, all of which enabled threat actors to obtain privileged access on targeted iPhones. Threat actors used this access to steal user data including password and to track user locations. Apple fixed the flaws earlier this year.
Read more: Malicious websites were used to secretly hack into iPhones for years, says Google