Google is revealing new details about an iOS vulnerability that was exploited back in March. It turns out Russian state-sponsored hackers may have used the flaw to target government officials on LinkedIn.
Google made the claim in a Wednesday blog post discussing the iOS vulnerability, which involved Webkit, the browser engine in Safari. The company’s security researchers uncovered the flaw back on March 19th, and found signs a suspected “Russian government-backed actor” was exploiting it.
The vulnerability, dubbed CVE-2021-1879, paved a way for malicious computer code to run over an iPhone. But to trigger the attack, the victim would first need to visit a booby-trapped website. The Russian hackers seem to have pulled this off by tapping LinkedIn, a professional social network used by millions.
“In this campaign, attackers used LinkedIn Messaging to target government officials from western European countries by sending them malicious links,” Google wrote. “If the target visited the link from an iOS device, they would be redirected to an attacker-controlled domain that served the next stage payloads.”
The attacker-controlled website would first check if the visiting iPhone device was real. Then it would proceed to initiate the attack via the iOS vulnerability with the goal of account hijacking.
“This exploit would turn off Same-Origin-Policy protections in order to collect authentication cookies from several popular websites, including Google, Microsoft, LinkedIn, Facebook and Yahoo and send them via WebSocket to an attacker-controlled IP,” Google said. “The victim would need to have a session open on these websites from Safari for cookies to be successfully exfiltrated.”
Whether the attack was ever successful remains unclear. But Google’s security team reported the flaw to Apple, which then patched it on March 26th through an iOS u ..
Support the originator by clicking the read the rest link below.
