Hackers responsible for the SolarWinds supply chain attack last year recently exploited an iOS vulnerability, putting millions of fully updated iPhones at risk. The cyberattack was part of a malicious email campaign designed to steal Web authentication credentials from governments in Western Europe.
This attack was carried out by the same hackers who were responsible for delivering malware to Windows users.
According to cybersecurity researchers Maddie Stone and Clement Lecigne, a “likely Russian government-backed actor” used an unknown iOS vulnerability to send false data to government officials via LinkedIn.
The hack targeted iOS versions 12.4–13.7 and directed users to domains that installed known vulnerabilities on fully updated iPhones. It would collect authentication cookies from popular websites such as Google, LinkedIn, Facebook, and Yahoo and send them via a WebSocket to a hacker-controlled IP address.
It not only targeted iPhones but also left iPads running the same OS version vulnerable.
For this hack to work, the victim would simply need to have Safari open. The attack was mitigated in browsers that support Site Isolation, such as Firefox and Chrome.
This zero-day vulnerability was patched by Apple in March of this year, but it demonstrates how easily even the most secure systems can be cracked without the users’ knowledge. It even affected fully updated devices, leaving us with no choice but to wait for future security patches.