iOS Zero-day to Steal Authentication Cookies
The Russian state hackers who orchestrated the SolarWinds supply chain attack last year exploited an iOS zero-day as part of a separate malicious email campaign aimed at stealing Web authentication credentials from Western European governments, according to Google and Microsoft.
[…]
Attacks targeting CVE-2021-1879, as the zero-day is tracked, redirected users to domains that installed malicious payloads on fully updated iPhones.
[…]
In one wave, a Nobelium-controlled web server profiled devices that visited it to determine what OS and hardware the devices ran on. If the targeted device was an iPhone or iPad, a server used an exploit for CVE-2021-1879, which allowed hackers to deliver a universal cross-site scripting attack. Apple patched the zero-day in late March.