For years, malware was being smuggled onto iPhones via manipulated websites. This allowed attackers to read messages, contacts, photos, passwords and the like. This remained undetected across several iOS versions.
This series of attacks was discovered by Google's Project Zero security team. Apple was informed in February and closed the last existing loopholes. According to Ian Beer of Project Zero, almost all iOS iterations between version 10 and 12, including subversions, were affected.
According to Beer, there was no specific target for these attacks by strangers. Users were infected simply by accessing the affected websites from an iPhone. They then started the exploit and install an implant on the devices. Google has not published which pages these were. However, they are said to have had several thousand visitors per week and targeted members of certain communities.
In many cases, so-called zero-day exploits are said to have been used, for which there is no patch yet. Even when Google discovered these attacks, it is said that such a vulnerability was still in iOS. Apple has now closed the door to this.
Attackers were able to find out your location
According to Beer, the software installed on the iPhones could pick up all kinds of information. This included messages from encrypted chats such as iMessage or WhatsApp. The attackers were also able to copy the contact database and all the photos on the device, as well as the data from other apps and the passwords stored in Apple's keychain. In addition, the GPS coordinates of the affected device could be queried in real time.
So a lot of information could be picked up with just one installation. These were transferred unencrypted to a server. However, Beer also notes that the malware did not survive a restart of the device. Such attacks are relatively unknown in the iOS space. Exploits for iOS are relatively rare and are therefore sold for a lot of money - sometimes in the millions - and are usually used in very targeted ways.
Apple reveals new iPhones on September 10
Meanwhile, various media have received invitations to the next Apple event. The manufacturer will actually show the new iPhones on September 10. There's probably going to be a new camera. There is also a rumor about a new naming scheme, which could also include an iPhone Pro.
Source: Google Project Zero