In recent news, hackers behind the attack on SolarWinds ’supply chain have discovered an iOS vulnerability last year making millions of iPhones around the globe susceptible to receiving cyber attacks. This cyber-attack was initially part of an e-mail campaign aimed at stealing web security credentials from Western European governments.
These hackers have also sent malware to Windows users on several occasions. According to cybersecurity researchers Maddie Stone and Clement Lecigne, a Russian government-backed actor has exploited iOS’s vulnerability to send malicious messages to government officials via LinkedIn.
This attack targeted iOS versions from 12.4 to 13.7 that redirected users to domains that have installed malicious payloads despite the fact that the iPhones were completely upgraded. The payloads will collect authentication cookies from numerous websites such as Google, LinkedIn, Facebook and Yahoo and then send them to the hacker via a WebSocket.
This attack usually occurs to users who have used browsers such as Firefox and Chrome and who have activated the site’s location. So far Apple has not released any security patches for the iPhone, but it is expected that the patch will come around for real.