Websites infected iPhones with spyware, researchers say

FILE – This Sept. 12, 2018, ... — Marcio Jose Sanchez, Associated Press file
This Sept. 12, 2018, file photo shows an Apple iPhone XR on display at the Steve Jobs Theater after an event to announce new products, in Cupertino, Calif. Security experts are calling a newly announced security vulnerability the worst yet affecting Apple’s iPhone. Google researchers say the mere act of visiting a small group of malware-infected websites was enough to allow attackers to steal sensitive information from iPhones, including text messages, photos and real-time location data.

PUBLISHED: August 30, 2019 at 9:52 a.m. | UPDATED: August 30, 2019 at 9:55 a.m.

By The Associated Press

Researchers say cyberspies exploited security vulnerabilities to plant spyware on Apple iPhones when users merely visited a small group of malware-infected websites.

Sensitive data accessed included text messages, photos and real-time location. Security experts are calling the just-announced vulnerability, which Apple fixed in February, the worst yet affecting iPhones.

Google security researchers say thousands of iPhone users were exposed over more than two years before Apple issued a patch. They do not say who was behind the cyberespionage but experts say it has the hallmarks of a nation-state effort.

Google researcher Ian Beer says in a blog posted late Thursday that the discovery should dispel any notion that it costs a million dollars to successfully hack an iPhone.

Apple did not immediately respond to a request for comment.