Researchers from Google’s Project Zero security initiative on Thursday said a “small collection” of hacked websites have for many years hosted exploits targeting iPhone models, including the iPhone X, running the latest version of iOS 12.
While Google described the attacks as “indiscriminate,” a report over the weekend by TechCrunch suggests the websites were part of a Chinese state-backed attack that specifically targeted Uyghur Muslims.
TechCrunch says the websites were part of a campaign to target religious group by infecting an iPhone with malicious code simply by visiting an infected web page. An attacker could then read a victim’s messages, passwords, and track their location in near-real time.
Google told Apple about the issue on February 1, and Apple released a patch for the problem with iOS 12.1.4, which was released on February 7.
While the exploits were said by Google to target iPhone users, Gizmodo on Sunday reported that the sites also targeted Android and Windows users.
“While the Google team only reported iPhone users being targeted by this attack, sources familiar with the matter told Forbes that devices using Google and Microsoft operating systems were also targeted by these same sites. Thus widening the potential scale of an already unprecedented attack.”
It isn’t clear if Google had discovered or shared information about the additional platforms being targeted. When Gizmodo asked about these reported developments, a Google spokesperson said the company had no new information to disclose.