A recent Google Project Zero blog post details how Apple iPhone devices were susceptible to being hacked for years. Visiting malicious websites from an Apple smartphone would allow said websites to hack into the device by executing commands and exploiting a set of “previously undisclosed software flaws”.
Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant — Ian Beer, Google Project Zero security researcher
Apparently, these websites were doing these malicious activities on unsuspecting iPhone users over the “period of at least two years”. “The researchers found five distinct exploit chains involving 12 separate security flaws, including seven involving Safari, the in-built web browser on iPhones“, Tech Crunch notes, with vulnerabilities affecting iPhones running iOS 10 through the current iOS 12 version.
Apple issued a fix within 6 days of getting the notice, and has also increased the bug hunting bounty to $1 million. You can find more details at the source links below, if you want to get technical. For now, rest assured that these flaws have been promptly patched by Apple.