Google reveals major iPhone security flaws that let websites hack phones
Security researchers working on Google's Project Zero team have revealed that they have discovered a hacked website that indiscriminately attacks every iPhone they visit using previously undisclosed security flaws. Motherboard reports that the attack may be one of the largest conducted against iPhone users. When a user visits one of the malicious websites using a vulnerable device, their personal files, messages and real-time location data can get corrupted. After reporting the findings to Apple, iPhone manufacturers patched this vulnerability earlier this year.
Motherboard pointed out that this attack could allow the site to access the iPhone's keychain to install implants. This allowed the attacker to access the credentials or certificates contained within it, as well as access to databases of secure messaging applications such as WhatsApp and iMessage. Despite these apps, which use end-to-end encryption for message transmission, if an end device is compromised by this attack, an attacker can gain clear text access to previously encrypted messages.