Zero-day exploit allowed SolarWinds hackers to extract login credentials from iOS devices




As Apple constantly strives to improve the security of its devices, hackers are always looking for new ways to crack the security systems present on iPhone, iPad, Mac and other devices. Earlier this year, an exploit found in Apple’s WebKit (which is the Safari engine) allowed hackers to extract login credentials from iOS devices.

As first reported by Google’s Threat Analysis Group (via Ars Technica), a zero-day exploit found in some versions of iOS 14 allowed SolarWinds hackers to redirect users to domains that were running malicious code on iPhones and iPads. The same hackers have also targeted Windows users, according to the research.

The hacker group worked for the Russian Foreign Intelligence Service, which attacked devices belonging to the US Agency for International Development. Using a malicious script, the hackers were able to send emails as if they belonged to the US agency.

After an investigation, it was revealed that the same group of hackers were behind another zero-day exploit found on iOS devices. This exploit, identified as “CVE-2021-1879”, allowed hackers to collect login information from various websites, including Google, Microsoft, LinkedIn, Facebook, and Yahoo.

This exploit would disable Same-Origin-Policy protections in order to collect authentication cookies from several popular websites including Google, Microsoft, LinkedIn, Facebook and Yahoo and send them via WebSocket to an IP address controlled by an attacker. The victim would need to be logged on to these websites from Safari for the cookies to be successfully exfiltrated.

For those unfamiliar with the term, a zero-day exploit is essentially a newly discovered vulnerability whose fix is still unknown to developers. Apple subsequently fixed this security flaw with iOS 14.4.2, but it’s still impressive that hackers were able to run malicious code on newer versions of iOS.

The report notes that zero-day vulnerabilities are on the rise. In the first half of this year alone, Google’s Project Zero found 33 exploits used by hackers, up from 22 exploits in the same period last year. Part of this may be related to “the increased supply of zero-days from private companies selling exploits.”

Even though running the latest version of software is always one of the best ways to protect yourself against hackers, it is still important to be aware of what content you are accessing on the web in order to avoid attacks.
