Hackers behind last year's SolarWinds supply chain attack recently managed to exploit an iOS vulnerability, leaving millions of fully updated iPhones at risk. The cyberattack was part of a malicious email campaign aimed at stealing Web authentication credentials from Western European governments.
The hackers behind this attack were the same ones responsible for delivering malware to Windows users.
Cybersecurity researchers Maddie Stone and Clement Lecigne said a “likely Russian government-backed actor” exploited the previously unknown iOS vulnerability by sending malicious messages to government officials over LinkedIn.
The exploit targeted iOS versions 12.4 through 13.7 and sent users to domains that installed malicious payloads on fully updated iPhones. It would collect authentication cookies from several popular websites including Google, LinkedIn, Facebook, and Yahoo, and send them to a hacker-controlled IP via a WebSocket.
It targeted not only iPhones but also iPads running the same iOS versions.
The victim simply needed to have Safari open for the exploit to work. The attack was mitigated in browsers with Site Isolation enabled, such as Firefox and Chrome.
Apple patched this zero-day vulnerability in March this year, but the incident shows how easily even the most secure systems can be compromised without the user's knowledge. Because the exploit worked against fully updated devices, users of affected devices had no defense other than waiting for a security patch.