How a 4-Year iPhone Hack Exposed a Major Security Flaw

A security flaw in Apple's iOS and macOS devices allowed hackers to take full control of them by sending a malicious PDF file.

[{"selector":"#anim-f7ecd0b9-6765-4670-a7ca-9e80e0a88774","keyframes":{"transform":["translate3d(-116.50485%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-9385d5b1-f94c-4645-a56d-fbd1cdb8e4ee","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-7744fd44-9e39-41e8-b0b5-2e4de046da7f","keyframes":{"transform":["scale(0.15)","scale(1)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"forwards"}]

The flaw affected the kernel and WebKit, the core components of the operating system and the web browser.

[{"selector":"#anim-b6a25460-62ae-4686-84a3-6044cec036b5","keyframes":{"transform":["translate3d(-113.50482%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-ade9e8ae-94e4-418c-b604-23eb50fd033b","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-67fc0b36-8518-4661-94cc-8c58cfaf0468","keyframes":{"transform":["scale(0.15)","scale(1)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"forwards"}]

Apple said it was aware of reports that the flaw was actively exploited by hackers, but did not provide details.

[{"selector":"#anim-444dbd28-73f2-4e35-a2a7-6e032c01bac7","keyframes":{"transform":["translate3d(-115.09434%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-547127e0-3317-4bcb-8495-6fda4f5510c9","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-e56ccd86-0e73-4369-a37e-5ca38b3592b4","keyframes":{"transform":["scale(0.15)","scale(1)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"forwards"}]

Security experts advised users to update their devices as soon as possible to protect themselves from the vulnerability.

[{"selector":"#anim-b7c6ace0-8860-4dde-8286-330087d14897","keyframes":{"transform":["translate3d(-115.09434%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-20432500-515e-4ade-852a-5ca40df8f327","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-9f7e637f-4bc3-40d4-89a5-7810617f5bf0","keyframes":{"transform":["scale(0.15)","scale(1)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"forwards"}]

The flaw was similar to another one that was exploited by NSO Group, an Israeli spyware company, to target iPhones with its Pegasus malware.

[{"selector":"#anim-bf5e37cf-7079-4f52-9fc6-f7b212befa3a","keyframes":{"transform":["translate3d(-115.53399%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-d6aaaff7-eb9f-4eec-bc4b-07fd4e9f4e61","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-dd94604d-b533-4ff5-bc06-d5653d881a39","keyframes":{"transform":["scale(0.15)","scale(1)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"forwards"}]