Motherboard notes that the implant can also infiltrate a user's keychain and all the passwords in it, as well as the databases for other end-to-end encrypted messaging apps like Telegram and WhatsApp. The Project Zero team discovered a total of fourteen vulnerabilities affecting iPhones running on iOS 10 up to iOS 12.1.2.

A zero day exploit makes use of a vulnerability not known to the software/hardware-maker beforehand, so users have no means to be protected from attacks. The good news is that the malware the websites use disappears whenever an infected iPhone gets rebooted. Google highlighted the issues with Apple on February 1st, prompting a bunch of hotfixes in the iOS 12.1.4 update released on February 7th.

Update: We clarified the iOS versions affected and the version that rolled out with a fix.