
iOS zero-day let SolarWinds hackers compromise fully updated iPhones

by Dan Goodin, from Ars Technica

The Russian state hackers who orchestrated the SolarWinds supply chain attack last year exploited an iOS zero-day as part of a separate malicious email campaign aimed at stealing Web authentication credentials from Western European governments, according to Google and Microsoft.

In a post Google published on Wednesday, researchers Maddie Stone and Clement Lecigne said "a likely Russian government-backed actor" exploited the then-unknown vulnerability by sending messages to government officials over LinkedIn.

Moscow, Western Europe, and USAID

Attacks targeting CVE-2021-1879, as the zero-day is tracked, redirected users to domains that installed malicious payloads on fully updated iPhones. The attacks coincided with a campaign by the same hackers who delivered malware to Windows users, the researchers said.
