The BBC reported last Friday that Google security researchers have located malicious websites that allowed personal data to be taken from iPhone devices.
The security researchers determined the website attack appeared to have been functioning at least for two years before it was discovered and subsequently reported to Apple on February 1, 2019. The websites had the capability to implant malicious software on the devices and gather information such as installed contacts, photos, GPS locations, and various other data.
The software was also able to collect certain information from third party applications installed on the device, such as Instagram, WhatsApp, and Telegram. According to data collected from Google analytics, the websites containing the malicious code were visited thousands of times per week. It is not known who is responsible for the attack, nor where the information collected has ended up.
Once the vulnerability was reported to Apple, a security update was issued that patched the issue and prevented the malicious websites from infecting additional devices.
To help protect your device, ensure your device is running the latest operating system version available. At the date of publication, the latest version of software available for iPhone users is 12.4.1.
Email: firstname.lastname@example.org Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology