Malicious websites granted acces into hacking iPhones
Google’s Threat Analysis Group (TAG) discovered that a collection of malicious websites allowed hacking of the iPhones using the zero-day vulnerability for over at least two years.
In its official blog, Google said that the hacked sites were being used to attack against the visitors. TAG was able to collect five unique iPhone exploit chains, affecting every version from iOS 10 through to the latest iOS 12.
By simply visiting the hacked site, it was enough for the exploit server to attack the device and install a monitoring implant. The bug was reported earlier this year and Apple had fixed the issues in the iOS 12.1.4 release.