Security researchers working in Google's Project Zero team say they have discovered a number of hacked websites which undisclosed security flaws to indiscriminately attack any iPhone that visited them. Motherboard reports that the attack could be one of the largest ever conducted against iPhone users. If a user visited one of the malicious websites using a vulnerable device, then their personal files, messages, and real time location data could be compromised. After reporting their findings to Apple, the iPhone manufacturer patched the vulnerabilities earlier this year.
Motherboard notes that the attack could have been committed to installing an iPhone with an iPhone keychain. This would have been the access to the credentials and the content of the messaging apps like WhatsApp and iMessage. In spite of these apps using end-to-end encryption for the transfer of messages, the attacker could now access encrypted messages in plain text.