The Google Project Zero team's job is to work with other companies to uncover and report security vulnerabilities to build a security framework on popular operating systems and protect users. It was this same team that discovered a serious security vulnerability in the iPhone that allowed an attack on any device that visited malicious websites. According to the Project Zero blog post, the attacks could be the largest ever launched against Apple smartphone users, affecting iOS 10 through 12 versions.
According to experts, these attacks could compromise users' personal files, messages and location data in real time. The team will have reported these issues to Apple earlier this year, which promptly addressed these vulnerabilities.
Through the vulnerability, the attacks opened doors for websites to place an implant in the iPhone key, giving hackers access to credentials and certificates contained within it. In addition, they could access application databases such as WhatsApp and iMessage by accessing encrypted text messages.
It is also mentioned that as a rule, victims are directed to websites, with individual links sent, but in this case, users only had to visit malicious sites to be attacked. Websites that are visited by thousands of people weekly. In total, the researchers found 14 vulnerabilities in five exploitation chains, including one that had not yet been fixed when experts found it.
When these vulnerabilities were discovered in February, investigators gave Apple only one week to correct them, demonstrating their severity. These would eventually be fixed with iOS version 12.1.4.