Google Project Zero security researchers have discovered recently that some websites were infecting Apple iPhones with spyware from the past two years. And the tech giant identified the vulnerability in Feb this year and offered a security patch along with the FaceTime eavesdropping bug susceptibility.
Security analysts say that those who visited the malicious websites could find their messages, photos and location data exposed to hackers.
What’s amazing in this hacking activity is the fact that the website server hacked the device on the very first visit without any target discrimination.
iPhone Vulnerabilities which ran across 5 separate exploit chains were seen infecting iOS 10 to iOS 12 version loaded smartphones.
The vulnerability is said to have exposed over 1 billion infected iPhone users to hackers allowing them to install malicious apps, steal real-time location data and photos, and sneak into WhatsApp, Telegram, and iMessages and delete them without the knowledge of the user. Although a reboot would wipe the spyware, it would return when the victim revisited the website.
Google did not mention the names of the websites which were loaded by Spyware in its Project Zero blog post.
However, a source from the New York Times states that the websites include those indulging in gaming, Good Morning greetings sharing, Music download, online streaming and some websites related to cryptocurrency lending.
Note- Perhaps after analyzing all such vulnerabilities, Apple might have offered $1 million to those who find security flaws in its devices and services- all as a part of the bug bounty program.