iPhones are considered as the most secure phones right? Well, it appears as if the king of privacy and security can sometimes fail as well. Google security researchers working on the Zero team found a flaw in the iPhone which could allow hackers to gain access to complete user’s data.
According to Motherboard, the researchers found that iPhone users visiting the affected sites would have their data compromised. The hackers would essentially be able to get their hands on iPhone users’ photos, personal files, messages and also be able to track the user in real-time. This could very well be one of the biggest loopholes found in Apple’s ecosystem in a very long time.
The report by Motherboard states that, the hackers essentially targeted iPhone’s enchain software with their own implants. Doing so would allow the hackers to gain access to credentials and/or certificates present in the key-chain which would further allow them to breach databases of apps like iMessage and WhatsApp. Even though the apps are encrypted end-to-end, the cyber-criminals would be able to read messages in plain-text as the phone’s security would be compromised.
Is my iPhone still vulnerable?
The Google Zero research team notified Apple about this loophole earlier this year and since then, the iPhone maker has fixed the issue. According to researchers, an estimate of thousands of users visited the compromised websites from their iPhones every week. Apple was given a notice of seven days to fix the issue before making it public and the company fixed it with the iOS 12.1.4 update. Usually companies are given a 90 days window, however, given the severity of the loophole, the researchers may have decided to shorten the window.
It was found that iOS 10 to 12 were affected by this vulnerability. The researchers found 14 loopholes through five different points. The loopholes have been fixed now, however, the researchers say that there still may be many more left.