A zero-day exploit found in some versions of iOS 14 allowed SolarWinds hackers to redirect users to domains that ran malicious code on iPhones and iPads. The same hackers also targeted Windows users.
The hacker group had been working working for the Russian Foreign Intelligence Service, who attacked devices belonging to the United States Agency for International Development. By using a malicious script, the hackers were able to send emails as if they were someone belonging to the US agency.
It was revealed that the same group of hackers was behind another zero-day exploit found on iOS devices. This exploit, identified as “CVE-2021-1879,” allowed hackers to collect login information from various websites, including Google, Microsoft, LinkedIn, Facebook, and Yahoo.
This exploit would turn off Same-Origin-Policy protections in order to collect authentication cookies from several popular websites, including Google, Microsoft, LinkedIn, Facebook and Yahoo and send them via WebSocket to an attacker-controlled IP. The victim would need to have a session open on these websites from Safari for cookies to be successfully exfiltrated.
Apple subsequently patched this security breach with iOS 14.4.2, but it is still impressive that hackers were able to run malicious code on newly released versions of iOS.
In the first half of this year alone, Google’s Project Zero found 33 exploits used by hackers, compared to 22 exploits in the same period last year. Part of this may be related to the “increased supply of zero-days from private companies selling exploits.”
Even though running the latest version of software is always one of the best ways to protect yourself against hackers, it is always important to be aware of the content you access on the web in order to avoid attacks.