• iOS zero-day let SolarWinds hackers compromise fully updated iPhones


    #2377817

    Flaw was exploited when government officials clicked on links in LinkedIn messages.

    The Russian state hackers who orchestrated the SolarWinds supply chain attack last year exploited an iOS zero-day as part of a separate malicious email campaign aimed at stealing Web authentication credentials from Western European governments, according to Google and Microsoft.

    In a post Google published on Wednesday, researchers Maddie Stone and Clement Lecigne said a “likely Russian government-backed actor” exploited the then-unknown vulnerability by sending messages to government officials over LinkedIn.

    Attacks targeting CVE-2021-1879, as the zero-day is tracked, redirected users to domains that installed malicious payloads on fully updated iPhones. The attacks coincided with a campaign by the same hackers who delivered malware to Windows users, the researchers said….

    Apple subsequently patched this security breach with iOS 14.4.2.

    CVE-2021-1879: Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group

    • This topic was modified 3 years, 9 months ago by Alex5723.
    • #2378034

      The exploit and patch were both from March of this year…

      1 user thanked author for this post.