Project Zero, is the elite security group formed by Google with researchers who are dedicated to looking for vulnerabilities in all types of devices, they have found bugs in Android, browsers and even iPhone, in fact, the case we are going to talk about is not the first serious security issue discovered by Project Zero this year.

And it is that the group mentions that iPhones have been hacked for at least 2 years just by visiting a web page, since five exploits have been discovered that allowed root access to the iPhone, that is, to control the entire system and execute all kinds of code without much problem

An exploit is a list of commands that allows a security vulnerability to be exploited. In this case, these exploits took advantage of 12 security vulnerabilities, of which 7 of them affected Safari, Apple's browser and which is the basis of all browsers that want to be available on iOS.

Visiting a simple web page was enough to get hacked

Unlike other exploits where a file or application needs to be installed, here all that was needed to take advantage of the security flaw was for the user to enter a web page with malicious code. In fact, it was not necessary to install anything or click on a specific part, it was enough to enter for the attackers to execute the code and have full control of the device.

According to the Project Zero researchers, once the attackers had access to the device, they installed malicious applications without the users knowing or realizing it (obviously they did not appear in the home), so they took advantage of it to access personal information. such as messages, photos and service passwords.

What is Project Zero and the famous zero-day vulnerabilities?

Why has Google revealed this serious flaw?

Within the companies there is an agreement that establishes that the faults discovered are first shared with the affected companies, which have 90 days to solve the errors, since after that time the Project Zero people publish the discovered faults whether they are solved or not.

This obviously puts pressure on the affected companies, since they must solve the problem before the investigation is published or else the consequences would be worse.

However, the folks at Apple worked fast on this issue and fixed it with the iOS 12.1.4 update, which was initially thought to only fix the FaceTime bug, but actually protects users from hacks from the Internet. a simple web page.

So if you are one of those who refuses to install updates on your iPhone, we recommend that you do so, because otherwise you are exposed to this type of failure.