For the past several months we have been hearing of SolarWinds Hacks that we stated would have a lasting effect for quite sometime. We now find that SolarWinds hackers were able to use a zero-day exploit in iOS 14 which allowed them to redirect users to domains that ran malicious code on iPhones and iPads. By using a malicious script, the hackers were able to send emails as if they were someone belonging to the US agency.
This exploit, identified as “CVE-2021-1879,” allowed hackers to collect login information from various websites, including Google, Microsoft, LinkedIn, Facebook, and Yahoo. Apple patched this exploit in iOS 14.4.2. Azero-day exploit isa newly discovered vulnerability without a current fix, once the zero-day exploit is discovered they have “zero days” to fix it.
Zero-day exploits are not new to the Apple world and we have seen several over the years, some which have been used to the advantage of the Jailbreak community so they can bypass Apple’s immense security and enjoy features and software normally unavailable to users.
Google’s Project Zero found 33 exploits used by hackers, compared to 22 exploits in the same period last year meaning that zero-days are on the rise. In the past attacks on Apple devices were uncommon as the user base was much smaller compared to Android and Windows, however, as adoption of iOS and MacOS rises we are expecting to see the attacks grow in significance.