Researches from Google revealed vulnerabilities in iOS software – 5 five for its kernel and 7 for the Safari browser. Moreover, Google Project Zero discovered that hackers through malicious websites get access to victims’ phones.
Cybersecurity researchers announced on their blog that the vulnerabilities allow attackers to grant root permission, which means hackers gained rights or permissions (to the whole device’s data) in all modes. If they succeed, a monitoring implant was installed on the device; through it, they got full access to every file on the phone (i.a. photos, contact list, text messages).
The implant allowed free exploit chains stream, including the ones that served for authorization of many websites. According to the TAG (Google’s Threat Analysis Group) assessment, attacked websites had thousands of visitors weekly.
What is comforting, hackers lost access to the victim’s data when the phone was restarted. In this case, the malicious script could run up from several days to many weeks.
Source: Google Project Zero