Can My iPhone Be Hacked Through Safari?

More than 800 million people use Safari on their iPhones to browse the web—but is this app safe to use?

While Safari includes various security features to protect your phone from hacking, it’s still possible for hackers to gain access to your device through this app.

In fact, it has happened many times before.

A group of researchers recently discovered a method to access iPhones through Safari, enabling them to collect sensitive data from these devices by creating fake websites.

In this guide, we will discuss iPhone hacking through Safari and the steps you can take to safeguard yourself. We’ll also explain what you can do if you suspect your phone has been hacked.

Can iPhones Get Hacked Through Safari?

Cyberattacks against Safari happen all the time. In 2023 alone, there were 41 Safari exploits discovered, of which 11 were known to have been actively exploited by hackers. However, due to the complexity of these exploits and speed at which Apple fixes them, it is probably unlikely that it will happen to you.

For example, in November 2023, Apple was made aware of an attack where cybercriminals were using WebKit, the browser engine for Safari, to hack iPhones through the app in two ways:

❌ Manipulating WebKit to read the memory and sensitive information on an iOS device.

❌ Using WebKit to run code that can download malware—malicious software designed to spy on devices—onto an iPhone.

Although Apple hasn’t disclosed the details of the attack, they have since released a security patch to address the issue.

This was designed to fix the exploited vulnerabilities and ensure that cybercriminals could no longer use this particular approach to hack Apple devices.

How iOS Is Structured to Avoid Safari Hacking

Apple is renowned for its stringent approach to security. For example, third-party apps are rigorously vetted before they can appear on the Apple App Store, which protects iPhone users from downloading malicious apps.

The manufacturer also uses something called sandboxing, which is how they restrict third-party apps—including Safari—from accessing your files and data or making changes to your device.

Lastly, Apple is among the best when it comes to releasing regular security updates for their devices. Their Security Bounty program also incentivizes security researchers to report any discovered vulnerabilities to Apple as quickly as possible.

Therefore, by installing the latest iOS updates as soon as they become available you can stay protected against the vast majority of iPhone vulnerabilities and exploits.

How to Prevent Your iPhone from Being Hacked Through Safari

Aside from ensuring you always have the latest version of iOS installed on your iPhone, there are some other things you can do to prevent being hacked through Safari.

✅ Only download apps from Apple’s App Store

Some people jailbreak their iPhones to download apps that aren’t approved by Apple and don’t appear in the App Store.

However, downloading these apps can quickly result in spyware being installed on your iPhone, meaning a hacker can:

• Steal your sensitive data, like your banking information.
• Access your photos and videos.
• Monitor your text messages.
• Listen to your voice calls.

✅ Be cautious of the websites you visit

Think carefully about following a link to a website you don’t recognize. This link could lead you to a fake or malicious website designed to steal your data and hack your phone.

Many people fall victim to phishing attacks by visiting websites that look legitimate and then entering their personal information on these sites. Hackers then use this information to access your online accounts.

✅ Block pop-ups

Some pop-ups are designed for phishing attacks.

For example, you may encounter a pop-up announcing that you’ve won a prize and urging you to visit a specific website.

You visit this website and enter your personal details to redeem your prize. However, this is a malicious site, and hackers are using it to steal sensitive information.

This is why it’s a good idea to block pop-ups on Safari. To do this:

1. Open Settings and tap Safari.
2. Turn on Block Pop-ups.

Fig 1. Blocking Safari pop-ups on iPhone.

✅ Change your Safari settings

There are multiple privacy settings in Safari that you can adjust on your iPhone to enhance your browsing safety. You can do this by visiting Settings > Safari and then toggling the sliders to turn on features that will:

1. Prevent cross-site tracking: This limits Safari from collecting third-party cookies and data that can be used to track your browsing activity.
2. Hide IP your address: This conceals your iPhone’s IP address from known trackers, another way to prevent your activity and personal information from being tracked.
3. Warn you if a website is fraudulent: This will alert you if a website you visit is a suspected phishing website.

Fig 2. Safari privacy settings on iPhone.

✅ Control Safari access to device features

Websites can use your camera, microphone or location when you visit them using Safari. This can be useful if you need to upload a photo or provide a site with your exact location, but some malicious websites have been known to misuse this data.

You can set up Safari so that websites must either request permission before accessing these features or are blocked from using them altogether. This is a good way to limit potential data leakage when using Safari.

To check these settings:

1. Open Settings and tap Safari.
2. Scroll down and tap either Camera, Microphone or Location.
3. Choose either Ask or Deny.

Fig 3. Checking access to device features in Safari.

✅ Use iCloud Private Relay

If you’re subscribed to iCloud+, you can use the iCloud Private Relay to prevent websites from collecting information about you.

When this feature is turned on, the information leaving your iPhone while you browse is encrypted, which means it’s nearly impossible for hackers to spy on it.

This also prevents websites from seeing your IP address and location and collecting your browsing activity on Safari.

To turn on iCloud Private Relay:

1. Go to Settings.
2. Tap your name.
3. Navigate to iCloud.
4. Tap Private Relay.
5. Toggle the slider to green.

Fig 4: Enabling iCloud Private Relay.

✅ Use an additional security app

There are several apps which have been vetted by Apple that you can use to enhance security on your iPhone. They provide additional safety settings that you can enable to protect your phone.

One such app is Certo Mobile Security, which is free and can:

• Scan your phone for vulnerabilities.
• Run a security health check.
• Check your WiFi network for signs of compromise.
• Help you set up your iPhone for optimal security with detailed instructions of how to configure over 20 additional iOS settings.

A security app can provide you with extra peace of mind that your iPhone is protected against hacking and cyber attacks.

What Can I Do if My iPhone Has Been Hacked Through Safari?

Although the chances of being hacked through Safari are slim, there are some things you can do if you think it has happened to you:

➡️ Remove apps you don’t remember downloading

One way to remove potential malware is to uninstall any apps that you don’t recognize.

Visit your app library and look for any apps you don’t recognize. Here’s how to find and remove them:

1. Open Settings and tap General > iPhone Storage.
2. Review the list and check for any apps you do not recognize.
3. Tap on any unrecognized apps and tap Delete App to remove it from your iPhone.

➡️ Scan your phone for spyware

Some Safari exploits may try to install spyware on your device, providing a hacker with complete remote access to your device.

If you suspect your iPhone has been hacked, you can use an anti-spyware tool like Certo AntiSpy to perform a deep scan of your phone. This can help to detect hidden spyware and remove threats from your device.

Here’s how to secure your iPhone with Certo AntiSpy:

1. Download Certo AntiSpy to your computer.
2. Plugin your iPhone and click Scan.
3. Tap Remove next to any threats to safely remove them from your device.

Fig 5: Detecting iPhone spyware with Certo AntiSpy.

➡️ Restore to factory settings

Another way to fix a hacked phone is to hard reset it back to its original state, known as factory settings. This wipes all the data and settings from your iPhone completely.

Before you do this, ensure that your data is backed up to iCloud so you can download it again once you reset your phone. Don’t worry, any malware on your phone won’t get backed up to iCloud with your data.

To reset to factory settings:

1. Open Settings.
2. Navigate to General.
3. Select Transfer or Reset iPhone.
4. Tap on Erase All Content and Settings.

Fig 6: Performing a factory restore on iPhone.

Wrapping Up

While the prospect of iPhone hacking through Safari may seem alarming, Apple’s proactive security measures and the inherent design of iOS significantly mitigate the risks.

The occurrence of Safari exploits, although not unheard of, is relatively rare for the average user, thanks in part to Apple’s swift responses to identified vulnerabilities and the deployment of security patches.

Users can further protect themselves by adhering to recommended practices such as installing updates promptly, downloading apps exclusively from the App Store, being cautious of the websites they visit, and employing additional security features like blocking pop-ups and adjusting privacy settings in Safari.

Moreover, the availability of tools like Certo AntiSpy and other vetted security applications offers an added layer of defense against potential threats, ensuring users can maintain their privacy and security while enjoying the benefits of their iPhones.

Ultimately, while no system can be entirely invulnerable, by taking informed precautions and utilizing available security resources, iPhone users can confidently navigate the web through Safari with minimal risk.