According to one blog post, the 14 vulnerabilities were a part of five unique iPhone exploit chains that covered almost every version of Apple’s mobile operating system from iOS 10 to the latest version of iOS 12, indicating that the hackers were working hard to exploit the security flaws.
Half of the iPhone vulnerabilities were discovered in Apple’s Safari browser, five in the kernel, and hackers also used two separate sandbox escapes to access data outside the permissions of an app or a process.
The attack had such deep access to iPhone systems that hackers could even read or eavesdrop the messages of victims on encrypted communications services like WhatsApp, iMessage, and ProtonMail.
“There was no target discrimination,” Ian Beer, a Google hacker and member of the company’s Project Zero team, wrote in a blog. “Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant.”
There’s also a chance that the attackers have acquired access tokens from the Apple victims, which they could use to log into social media and communications accounts.
You can read the in-depth posts on Google’s Project Zero blog.