Google researchers at Project Zero have identified a vulnerability that has accessed all database files used by end-to-end encryption apps such as WhatsApp, iMessage, Gmail and more on the victim’s iPhone. It can take a copy of the user’s complete communication database, copy all their photos, upload user’s location in real time and much more. The implant primarily focuses on uploading live location data and stealing files.

The bug allowed some websites to hack iOS devices. Hackers had access to not only the text of the messaging app, but also media files and locations. According to reports, when hackers gain access to WhatsApp chat, they start sending these hacked messages as plain text to a server. “The implant runs entirely in userspace, although not unsandboxed, and as a route with entitlements selected by the attacker, they can still access all the personal data they are interested in,” the report said.

Researchers have been able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 to the latest version of iOS 12.

“Earlier this year, Google’s Threat Analysis Group (TAG) discovered a small collection of hacked websites.

The implant has access to almost all of the personal information available on the user’s device, which is capable of uploading to the implant attacker’s server, without encrypting. The report further states, “If the phone is rebooted, the implant will not be run until the device is re-absorbed when the user returns to a compromised site.”

Google warns users against visiting an unauthorized website, and can be very careful about clicking on suspicious emails that could lead them to a malicious website and put you at risk for hackers. In addition, Apple has advised iOS users to update their devices with the latest OS.