If Google wanted, they could claim several million dollars in bounty rewards from Apple for revealing a number of iPhone security issues.
Security researchers at Google discovered a number of malicious websites which, when visited, were allowing access to people iPhones. From there, those hackers could gain access to a number of iPhone features, photos and implant apps that could do some serious damage without iPhone users ever having a clue they were being attacked.
Google discovered the issues through their Project Zero brand and noted in a deep-dive blog post on Thursday that the websites were visited thousands of times per week by unsuspecting victims. They called the intrusion an “indiscriminate” attack.
According to Ian Beer, a security researcher at Project Zero, the victimized iPhones and owners of those phones had been attacked over a “period of at least two years." Further to that, researchers discovered 12 separate security flaws, including seven Safari-exclusive issues. If an iPhone had been compromised, it allowed an attacker to gain “root” access to the device.
Google gave Apple a week to fix the flaws to which Apple rolled out a fix six days later with iOS 12.1.4 for iPhone 5s and iPad Air and later.
New: Google security researchers say they've found a number of malicious websites that can silently hack an iPhone simply by visiting it. Thousands were hacked every week. https://t.co/4U9s8EEqgH— Zack Whittaker (@zackwhittaker) August 30, 2019
What This Means
Basically, Apple has one of the most lucrative bug bounty payout programs in the tech industry in an attempt to ensure hacks like this don't happen. In some cases, rewards as high as $1 million can be awarded to security experts who help stop those who silently target an iPhone and gain root-level privileges without any user interaction.
If Apple were to live up to that promise, they'd technically owe Google a lot of money right now. For now, they should probably just be thanking Google for discovering an issue that could have been much worse than it already was.