Security researchers at Google said they found malicious websites that served iPhone exploits for almost three years.
The attacks weren’t aimed at particular iOS users, as most iOS exploits tend to be used, but were aimed at any user accessing these sites via an iPhone.
“There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” said Ian Beer, a member of Google Project Zero, Google’s elite security team.