"There was no discreet targeting, just a visit to the infected site was enough to server "If it was successful, it would install a monitoring implant," writes security researcher Ian Beer in a blog post. Once inserted into the iPhone, this implant is able to steal messages, photos and location data in real time.
The publication does not specify how many of these sites are, but researchers estimate that each receives thousands of visits on a weekly basis. The hacks targeted from iOS 10 to iOS 12, which according to Beer shows that there is a "constant effort" to hack iPhones over a period of two years.
Websites accessed iPhones through five methods or "chains". The researchers found 14 distinct vulnerabilities that made these chains possible. Seven of these vulnerabilities were found in Safari, which is the default browser for iPhone devices.
The researchers reported to Apple their findings in February and gave the company a seven-day deadline to correct the vulnerabilities. Six days later, Apple updated the security software on iOS 12. Google has given Apple a much tighter deadline than usual, as the rule is 90 days to fix such issues.
Apple has generally acquired a rumor about the safety of its devices, and earlier this month the company raised the amount of money it would pay in a bug bounty, to $ 1 million.