Skip to main content

Zero-day exploit allowed SolarWinds hackers to extract login information from iOS devices

While Apple constantly works to improve the security of its devices, hackers are always looking for new ways to crack the security systems found in the iPhone, iPad, Mac, and other devices. Earlier this year, an exploit found in Apple’s WebKit (which is the Safari engine) allowed hackers to extract login information from iOS devices.

As first reported by Google’s Threat Analysis Group (via ArsTechnica), a zero-day exploit found in some versions of iOS 14 allowed SolarWinds hackers to redirect users to domains that ran malicious code on iPhones and iPads. The same hackers also targeted Windows users, according to the research.

The hacker group had been working working for the Russian Foreign Intelligence Service, which attacked devices belonging to the United States Agency for International Development. By using a malicious script, the hackers were able to send emails as if they were someone belonging to the US agency.

After some investigation, it was revealed that the same group of hackers was behind another zero-day exploit found on iOS devices. This exploit, identified as “CVE-​2021-1879,” allowed hackers to collect login information from various websites, including Google, Microsoft, LinkedIn, Facebook, and Yahoo.

This exploit would turn off Same-Origin-Policy protections in order to collect authentication cookies from several popular websites, including Google, Microsoft, LinkedIn, Facebook and Yahoo and send them via WebSocket to an attacker-controlled IP. The victim would need to have a session open on these websites from Safari for cookies to be successfully exfiltrated.

For those unfamiliar with the term, a zero-day exploit is basically a newly discovered vulnerability that the fix is still unknown to the developers. Apple subsequently patched this security breach with iOS 14.4.2, but it is still impressive that hackers were able to run malicious code on newly released versions of iOS.

The report notes that zero-day vulnerabilities are becoming more frequent. In the first half of this year alone, Google’s Project Zero found 33 exploits used by hackers, compared to 22 exploits in the same period last year. Part of this may be related to the “increased supply of zero-days from private companies selling exploits.”

Even though running the latest version of software is always one of the best ways to protect yourself against hackers, it is always important to be aware of the content you access on the web in order to avoid attacks.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Filipe Espósito Filipe Espósito

Filipe Espósito is a Brazilian tech Journalist who started covering Apple news on iHelp BR with some exclusive scoops — including the reveal of the new Apple Watch Series 5 models in titanium and ceramic. He joined 9to5Mac to share even more tech news around the world.

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications