While Apple is constantly working to improve the security of its devices, hackers are always looking for new ways to crack the security systems found on iPhone, iPad, Mac and other devices. Earlier this year, an exploit found in Apple’s WebKit (which is the Safari engine) allowed hackers to retrieve credentials from iOS devices.
As first reported by Google’s Threat Analysis Group (via ArsTechnica), a zero-day exploit found in some versions of iOS 14, allowed SolarWinds hackers to redirect users to domains that ran malicious code on iPhones and iPads. The same hackers also targeted Windows users, according to the research.
The hacker group had worked for the Russian foreign intelligence service, which attacked units belonging to the United States Agency for International Development. Using a malicious script, hackers could send e-mails as if they belonged to the US agency.
After some investigation, it was revealed that the same group of hackers was behind another zero-day exploitation found on iOS devices. This exploit, identified as “CVE-2021
This exploit would turn off protection against Same-Origin-Policy to collect authentication cookies from several popular sites, including Google, Microsoft, LinkedIn, Facebook and Yahoo, and send them via WebSocket to an attacker-controlled IP. The victim must have a session open on these Safari sites in order for cookies to be filtered out.
For those unfamiliar with the term, a zero-day exploit is basically a newly discovered vulnerability whose solution is still unknown to developers. Apple then patched this security breach with iOS 14.4.2, but it’s still impressive that hackers were able to run malicious code on recently released versions of iOS.
The report notes that zero-day vulnerabilities are becoming more frequent. In the first half of the year alone, Google’s Project Zero found 33 exploits used by hackers, compared to 22 exploits in the same period last year. Part of this may be related to “increased zero-day supply from private companies selling companies.”
Although running the latest version of software is always one of the best ways to protect yourself from hackers, it is always important to be aware of the content you access online to avoid attacks.
FTC: We automatically use affiliate links for revenue. More.
Check out 9to5Mac on YouTube for more Apple news: