On the same day Apple revealed the date for its latestiPhoneevent, Google’s privacy team said it had discovered a two-year long vulnerability in the phone-maker’s software.
The bug targeted a small number of websites. Simply visiting those pages could have left iPhone users susceptible to the breach and possibly affected thousands of users per week, Google Zero wrote in a number of blog posts on Thursday.
Visiting the unnamed sites allowed hackers to gain access to a plethora of information, including the ability to track movements via the phone’s GPS system, to obtaining passwords and being privy to sensitive conversations through iMessage and WhatsApp.
The report from Google came at the same time Apple announced the date for unveiling its next iPhones, and potentially a slew of other products. Earlier in August Apple’s top security engineer said the company would begin distributing special iPhones to researchers to help them discover flaws before malicious hackers do.
The bug-hunting hackers at Google reported the issue to Apple on Feb. 1 and, less than a week later, Apple updated its operating systems. Apple did not return a request for comment.
Google’s Project Zero is an elite unit of Alphabet Inc.’s Google, made up of cybersleuths who hunt for “zero day” vulnerabilities — unintended design flaws that can be exploited by hackers to break into computer systems.
“All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly,” Ian Beer, a Project Zero researcher, wrote in a blog post. “Treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.”Continue Reading