Tuesday, April 29, 2025
HomeAppleGoogle Found 5 iOS Exploit Chain Via Hacked Websites to Remotely Hack...

Google Found 5 iOS Exploit Chain Via Hacked Websites to Remotely Hack Your iPhone If You Just Visting the Site

Published on

SIEM as a Service

Follow Us on Google News

Researchers from Google Project Zero team uncovered a five dangerous iOS exploit chain in wide that can hack almost every iPhone running with iOS 10 to 12 by just trick them to visit the hacked website.

An unknown hacking group targeting iPhone using by implants this exploit chain over 2 years through various hacked websites.

Google’s Threat Analysis Group (TAG) discovered a collection of hacked websites which is used to attack the iPhone user with iOS exploit by using watering hole attacks against visitors.

- Advertisement - Google News

Attackers not playing any tough game with website visitors, but just simply visiting the hacked site was enough for the exploit server to attack your device and the successful attack will lead to installing the further implant to monitor your devices.

These 5 iOS exploit chain developed for 14 different vulnerabilities, in which, seven for the iPhone’s web browser, five for the kernel and two separate sandbox escapes vulnerability.

iOS Exploit Chain
Source: Google

Based on the Project zero team analysis, these implants developed to steal private data like iMessages, photos and GPS location in real-time from compromised iPhone.

During the process of analysing these exploits, Google researchers uncovered 2 zero-day vulnerabilities that was unpatched and attackers actively exploited these vulnerabilities.

Google reported this 2 zero-day bug on Feb 1, 2019, to Apple with 7 days deadline to fix the issue which leads Apple to released iOS 12.1.4 and same GBHackers on security published an alert update for an Apple community and warned to apply the patch.

These 0day’s are exploiting the memory corruption vulnerability and an ability to execute arbitrary code with kernel privileges in iOS, and another zero-day flow allows gaining elevated privileges.

Ian Beer from Project zero has elaborately described with a detailed write-ups of all five privilege escalation exploit chains including a demo of the implant running on my own devices.

  1. iOS Exploit Chain #1
  2. iOS Exploit Chain #2
  3. iOS Exploit Chain #3
  4. iOS Exploit Chain #4
  5. iOS Exploit Chain #5
  6. JSC Exploits
  7. Implant Teardown

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and Hacking News update.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

RansomHub Ransomware Deploys Malware to Breach Corporate Networks

The eSentire’s Threat Response Unit (TRU) in early March 2025, a sophisticated cyberattack leveraging...

19 APT Hackers Target Asia-based Company Servers Using Exploited Vulnerabilities and Spear Phishing Email

The NSFOCUS Fuying Laboratory’s global threat hunting system identified 19 sophisticated Advanced Persistent Threat...

FBI Reports ₹1.38 Lakh Crore Loss in 2024, a 33% Surge from 2023

The FBI’s Internet Crime Complaint Center (IC3) has reported a record-breaking loss of $16.6...

Fog Ransomware Reveals Active Directory Exploitation Tools and Scripts

Cybersecurity researchers from The DFIR Report’s Threat Intel Group uncovered an open directory hosted...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

New iOS Vulnerability Could Brick iPhones with Just One Line of Code

A security researcher has uncovered a critical vulnerability in iOS, Apple's flagship mobile operating...

CISA Issues Alert on Actively Exploited Apple 0-Day Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority warning regarding two...

43% of Top 100 Enterprise Mobile Apps Expose Sensitive Data to Hackers

A comprehensive study by zLabs, the research team at Zimperium, has found that over...