Security researchers at Google on Aug. 29 revealed their discovery of an unprecedentedly long-running iPhone hack taking place through the phone’s Safari web browser.
In a blog post, the researchers explain how a group of hacked websites, estimated to get thousands of visitors each week, were able to install a piece of code on visiting phones that could harvest personal information. The researchers identified a series of 14 vulnerabilities in Apple’s iOS software that were used in this hack, which they say has been live on the internet for at least two years.
Almost any iPhone running a version of iOS 10 to iOS 12 was potentially vulnerable, and the hack could “steal private data like iMessages, photos and GPS location in real-time,” the group said. Apple wasn’t immediately available to comment on the news.
The hack provided deep access to an infected iPhone, which potentially could have even allowed the perpetrators to read encrypted messages from WhatsApp, Signal, or Telegram, and access social media accounts, according to Wired. “This is terrifying,” Thomas Reed, a malware researcher at the security software company Malwarebytes, told Wired. “We’re used to iPhone infections being targeted attacks carried out by nation-state adversaries. The idea that someone was infecting all iPhones that visited certain sites is chilling.”
Google alerted Apple to its findings on Feb. 1, and Apple released an update to iOS on Feb. 7 that patched the problem. To ensure that your iPhone, iPad, or iPod Touch is protected, make sure your device is updated to the latest version of iOS, which is currently 12.4.1.
Here’s how to check if you’re on the latest version:
- Open the Settings app
- Scroll down to “General” and tap it
- Tap “Software Update”
- If you have an iOS update available, you’ll be able to download it from here; otherwise you’ll see confirmation that you’re on the latest version