Aug. 30 (UPI) -- "Huge security holes" in iPhone software existed for the past two years, giving hackers access to photos, privates messages and the location of users, a Google group that examines and publishes security and privacy concerns said Thursday.
Google Project Zero said there were 14 exploits hackers used to steal personal information from iPhone users.
"Earlier this year Google's Threat Analysis Group (TAG) discovered a small collection of hacked websites," Ian Beer, of Project Zero, said on its blog. "The hacked sites were being used in indiscriminate watering hole attacks against their visitors.
"There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week," Beer said.
Hackers made use of so-called "zero-day exploits," which take advantage of a vulnerability at the affected company without them knowing it. Zero-day attacks are more effective after successfully hacking phones or computers because the company does not know about the vulnerability.
Apple fixed the flaws in February with the release of iOS12.1.4 after Google notified it of the vulnerabilities.
TAG said hackers had access to database files with unencrypted, plain-text of the messages sent and received using apps like WhatsApp, Telegram and iMessage.
"This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years," Beer said.
Apple has not responded so far to the past attack.