Security researchers at Google have found evidence of a “sustained effort” to hack iPhones over a period of at least two years.
The attackers were able to exploit “almost every version from iOS 10 through to the latest version of iOS 12”, Mr Beer added.
“This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years.”
Are you protected?
Apple issued a software fix to address the flaw back in February.
If you are an iPhone user, you should make sure your device is running the latest version of iOS, to make sure you are protected.
To do this, go to Settings and tap General. Under ‘Software Update’ you should be running iOS 12.4.1.
If you are not running iOS 12.4.1 you will be given the opportunity to update your device.
Google’s team notified Apple of the vulnerabilities on 1 February this year. A patch was subsequently released six days later to close the vulnerability. Apple’s patch notes refer to fixing an issue whereby “an application may be able to gain elevated privileges” and “an application may be able to execute arbitrary code with kernel privileges”.
iPhone users should update their device to the latest software to make sure they are adequately protected.
Unlike some security disclosures, which offer merely theoretical uses of vulnerabilities, Google discovered this attack “in the wild” – in other words, it was in use by cybercriminals.
Mr Beer’s analysis did not speculate on who may be behind the attack, nor how lucrative the tool may have been on the black market. Some “zero day” attacks can be sold for several millions dollars – until they’re discovered and fixed.