SolarWinds hackers used iOS zero-day to penetrate iPhones used by government officials

A newly uncovered zero-day exploit impacting older versions of iOS was leveraged by Russia-backed hackers in a campaign that targeted officials of Western European governments.

iOS 14Outlined by Google’s Threat Analysis team in a report on Wednesday, the attack involved messages sent to government officials over LinkedIn.Victims who visited a provided link on their iOS device would be redirected to a domain that served up an initial malicious payload that checked for device authenticity. After multiple validation checks were satisfied, a final payload containing the CVE-2021-1879 exploit would downloaded and used to bypass certain security protections.

Read more…