{"id":33157,"date":"2021-07-16T14:30:34","date_gmt":"2021-07-16T18:30:34","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=33157"},"modified":"2021-07-16T14:30:34","modified_gmt":"2021-07-16T18:30:34","slug":"ios-zero-day-to-steal-authentication-cookies","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2021\/07\/16\/ios-zero-day-to-steal-authentication-cookies\/","title":{"rendered":"iOS Zero-day to Steal Authentication Cookies"},"content":{"rendered":"

Dan Goodin<\/a> (Hacker News<\/a>):<\/p>\n

The Russian state hackers who orchestrated the SolarWinds supply chain attack last year exploited an iOS zero-day as part of a separate malicious email campaign aimed at stealing Web authentication credentials from Western European governments, according to Google and Microsoft.<\/p>\n

[…]<\/p>\n

Attacks targeting CVE-2021-1879, as the zero-day is tracked, redirected users to domains that installed malicious payloads on fully updated iPhones.<\/p>\n

[…]<\/p>\n

In one wave, a Nobelium-controlled web server profiled devices that visited it to determine what OS and hardware the devices ran on. If the targeted device was an iPhone or iPad, a server used an exploit for CVE-2021-1879, which allowed hackers to deliver a universal cross-site scripting attack. Apple patched<\/a> the zero-day in late March.<\/p><\/blockquote>\n\n

Previously:<\/p>\n