While Apple constantly works to improve the security of its devices, hackers are always looking for new ways to crack the security systems found in the iPhone, iPad, Mac, and other devices. Earlier this year, an exploit found in Apple’s WebKit (which is the Safari engine) allowed hackers to extract login information from iOS devices.
As first reported by Google’s Threat Analysis Group (via ArsTechnica), a zero-day exploit found in some versions of iOS 14 allowed SolarWinds hackers to redirect users to domains that ran malicious code on iPhones and iPads. The same hackers also targeted Windows users, according to the research.
The hacker group had been working working for the Russian Foreign Intelligence Service, who attacked devices belonging to the United States Agency for International Development. By using a malicious script, the hackers were able to send emails as if they were someone belonging to the US agency.
After some investigation, it was revealed that the same group of hackers was behind another zero-day exploit found on iOS devices. This exploit, identified as “CVE-2021-1879,” allowed hackers to collect login information from various websites, including Google, Microsoft, LinkedIn, Facebook, and Yahoo.
This exploit would turn off Same-Origin-Policy protections in order to collect authentication cookies from several popular websites, including Google, Microsoft, LinkedIn, Facebook and Yahoo and send them via WebSocket to an attacker-controlled IP. The victim would need to have a session open on these websites from Safari for cookies to be successfully exfiltrated.
For those unfamiliar with the term, a zero-day exploit is basically a newly discovered vulnerability that the fix is still unknown to the developers. Apple subsequently patched this security breach with iOS 14.4.2, but it is still impressive that hackers were able to run malicious code on newly released versions of iOS.
The report notes that zero-day vulnerabilities are becoming more frequent. In the first half of this year alone, Google’s Project Zero found 33 exploits used by hackers, compared to 22 exploits in the same period last year. Part of this may be related to the “increased supply of zero-days from private companies selling exploits.”
Even though running the latest version of software is always one of the best ways to protect yourself against hackers, it is always important to be aware of the content you access on the web in order to avoid attacks.
Author: Filipe Espósito
Source: 9TO5Google