- Google Project Zero found that the iPhone had 14 security vulnerabilities that had existed for two years. Google said that users only need to visit a malicious website which allows hackers to get information, photos, contacts and location information. In February of this year, Apple fixed these vulnerabilities in a software update, but Google said there are still other issues to be resolved.
Earlier, Apple just launched a large-scale marketing campaign around the privacy of the iPhone. At the CES 2019, just across from the main conference center, which is labeled with the Google Assistant logo, Apple released an ad that read: “What happens on your iPhone, stays on your iPhone.” The company also launched an ad promoting iPhone privacy features.
After Google notified Apple, Apple released iOS 12.1.4 in February this year. “There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.” According to Google’s Threat Analysis Group (TAG), hackers used 14 different vulnerabilities to get private information from the iPhone.
One of the vulnerabilities allowed an attacker to access private messages. TAG states that an attacker can obtain “a teardown of the implant used, including a demo of the implant running on my own devices, talking to a reverse-engineered command and control server and demonstrating the capabilities of the implant to steal private data like iMessages, photos and GPS location in real-time.“