Previous All Posts Next

Google Warns: iPhones Hacked by Visiting Websites

Posted: September 3, 2019 to Technology.

Tags: Malware, Data Breach, Cloud Security

Google researchers released a report earlier today that warns your iPhone can be hacked just by visiting one innocent-looking website. A previous iPhone hacking campaign discovered by Google’s ProjectZero had identified at least five unique iPhone exploit chains that were capable of remotely jailbreaking an iPhone and loading spyware on it. Those exploit chains were found to utilize a total of 14 separate vulnerabilities in Apple’s iOS. ProjectZero researcher Ian Beer blog post stated that only two of the 14 security vulnerabilities were zero-days, CVE-2019-7287 and CVE-2019-7286, and unpatched at the time of discovery. And the campaign went on for two years. "We reported these issues to Apple with a 7-day deadline on 1 Feb 2019, which resulted in the out-of-band release of iOS 12.1.4 on 7 Feb 2019. We also shared the complete details with Apple, which were disclosed publicly on 7 Feb 2019," Beer says. "Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant." An iPhone user landed on one of the hacked websites triggered Webkit exploits that attempted to gain access to the users iOS device. Privilege escalation then permitted deeper access until finally root access was obtained. iMessages, photos, and live GPS locations were then uploaded to an external server every 60 seconds. The spyware implant also stole data from several apps like Whatsapp, Telegram, iMesage, and private chat and stored that data in plain text. Perhaps worse, the spyware also gained access to keychain data containing credentials, authentication tokens, and certificates. Long-lived tokens included such services as Google’s Single-Sign-On which gave the hackers access to the user’s Google account, even once the Spyware was no longer running. According to Beers, there is “no visual indicator on the device that the implant is running.” Beers continued to say that there’s “no way for a user on iOS to view a process listing, so the implant binary makes no attempt to hide its execution from the system.” Apple has already patched the majority of the exploits and vulnerabilities, and users are always recommended to keep their devices up-to-date.

Related Resources

Learn more about how Petronella Technology Group can help:

Need help implementing these strategies? Our cybersecurity experts can assess your environment and build a tailored plan.
Get Free Assessment
Explore Our Services
Cybersecurity AI Services Compliance HIPAA CMMC Managed IT

Related Articles

Build an AI Agent with n8n: Step-by-Step Tutorial Ollama vs vLLM: Enterprise AI Inference Comparison 2026 Proxmox vs VMware 2026: Why We Migrated (And You Should Too) AI Workstation Build Guide 2026: RTX 5090 Deep Learning Setup

About the Author

Craig Petronella, CEO and Founder of Petronella Technology Group
CEO, Founder & AI Architect, Petronella Technology Group

Craig Petronella founded Petronella Technology Group in 2002 and has spent more than 30 years working at the intersection of cybersecurity, AI, compliance, and digital forensics. He holds the CMMC Registered Practitioner credential (RP-1372) issued by the Cyber AB, is an NC Licensed Digital Forensics Examiner (License #604180-DFE), and completed MIT Professional Education programs in AI, Blockchain, and Cybersecurity. Craig also holds CompTIA Security+, CCNA, and Hyperledger certifications.

He is an Amazon #1 Best-Selling Author of 15+ books on cybersecurity and compliance, host of the Encrypted Ambition podcast (95+ episodes on Apple Podcasts, Spotify, and Amazon), and a cybersecurity keynote speaker with 200+ engagements at conferences, law firms, and corporate boardrooms. Craig serves as Contributing Editor for Cybersecurity at NC Triangle Attorney at Law Magazine and is a guest lecturer at NCCU School of Law. He has served as a digital forensics expert witness in federal and state court cases involving cybercrime, cryptocurrency fraud, SIM-swap attacks, and data breaches.

Under his leadership, Petronella Technology Group has served 2,500+ clients, maintained a zero-breach record among compliant clients, earned a BBB A+ rating every year since 2003, and been featured as a cybersecurity authority on CBS, ABC, NBC, FOX, and WRAL. The company leverages SOC 2 Type II certified platforms and specializes in AI implementation, managed cybersecurity, CMMC/HIPAA/SOC 2 compliance, and digital forensics for businesses across the United States.

CMMC-RP NC Licensed DFE MIT Certified CompTIA Security+ Expert Witness 15+ Books
Related Service
Enterprise IT Solutions & AI Integration

From AI implementation to cloud infrastructure, PTG helps businesses deploy technology securely and at scale.

Explore AI & IT Services
Previous All Posts Next
Free cybersecurity consultation available Schedule Now