• Tech News
    • Games
    • Pc & Laptop
    • Mobile Tech
    • Ar & Vr
    • Security
  • Startup
    • Fintech
  • Reviews
  • How To
What's Hot

Elementor #32036

January 24, 2025

The Redmi Note 13 is a bigger downgrade compared to the 5G model than you might think

April 18, 2024

Xiaomi Redmi Watch 4 is a budget smartwatch with a premium look and feel

April 16, 2024
Facebook Twitter Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
Facebook Twitter Instagram Pinterest VKontakte
Behind The ScreenBehind The Screen
  • Tech News
    1. Games
    2. Pc & Laptop
    3. Mobile Tech
    4. Ar & Vr
    5. Security
    6. View All

    Bring Elden Ring to the table with the upcoming board game adaptation

    September 19, 2022

    ONI: Road to be the Mightiest Oni reveals its opening movie

    September 19, 2022

    GTA 6 images and footage allegedly leak

    September 19, 2022

    Wild west adventure Card Cowboy turns cards into weird and silly stories

    September 18, 2022

    7 Reasons Why You Should Study PHP Programming Language

    October 19, 2022

    Logitech MX Master 3S and MX Keys Combo for Business Gen 2 Review

    October 9, 2022

    Lenovo ThinkPad X1 Carbon Gen10 Review

    September 18, 2022

    Lenovo IdeaPad 5i Chromebook, 16-inch+120Hz

    September 3, 2022

    It’s 2023 and Spotify Still Can’t Say When AirPlay 2 Support Will Arrive

    April 4, 2023

    YouTube adds very convenient iPhone homescreen widgets

    October 15, 2022

    Google finishes iOS 16 Lock Screen widgets rollout w/ Maps

    October 14, 2022

    Is Apple actually turning iMessage into AIM or is this sketchy redesign rumor for laughs?

    October 14, 2022

    MeetKai launches AI-powered metaverse, starting with a billboard in Times Square

    August 10, 2022

    The DeanBeat: RP1 simulates putting 4,000 people together in a single metaverse plaza

    August 10, 2022

    Improving the customer experience with virtual and augmented reality

    August 10, 2022

    Why the metaverse won’t fall to Clubhouse’s fate

    August 10, 2022

    How Apple privacy changes have forced social media marketing to evolve

    October 16, 2022

    Microsoft Patch Tuesday October Fixed 85 Vulnerabilities – Latest Hacking News

    October 16, 2022

    Decentralization and KYC compliance: Critical concepts in sovereign policy

    October 15, 2022

    What Thoma Bravo’s latest acquisition reveals about identity management

    October 14, 2022

    What is a Service Robot? The vision of an intelligent service application is possible.

    November 7, 2022

    Tom Brady just chucked another Microsoft Surface tablet

    September 18, 2022

    The best AIO coolers for your PC in 2022

    September 18, 2022

    YC’s Michael Seibel clarifies some misconceptions about the accelerator • DailyTech

    September 18, 2022
  • Startup
    • Fintech
  • Reviews
  • How To
Behind The ScreenBehind The Screen
Home»Mobile Tech»Zero-day exploit allowed SolarWinds hackers to extract login information from iOS devices
Mobile Tech

Zero-day exploit allowed SolarWinds hackers to extract login information from iOS devices

July 5, 2022No Comments3 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Zero-day exploit allowed SolarWinds hackers to extract login information from iOS devices
Share
Facebook Twitter LinkedIn Pinterest Email

Whereas Apple consistently works to enhance the safety of its units, hackers are all the time searching for new methods to crack the safety programs discovered within the iPhone, iPad, Mac, and different units. Earlier this yr, an exploit present in Apple’s WebKit (which is the Safari engine) allowed hackers to extract login data from iOS units.

As first reported by Google’s Menace Evaluation Group (through ArsTechnica), a zero-day exploit present in some variations of iOS 14 allowed SolarWinds hackers to redirect customers to domains that ran malicious code on iPhones and iPads. The identical hackers additionally focused Home windows customers, in accordance with the analysis.

The hacker group had been working working for the Russian International Intelligence Service, which attacked units belonging to the US Company for Worldwide Growth. By utilizing a malicious script, the hackers have been in a position to ship emails as in the event that they have been somebody belonging to the US company.

After some investigation, it was revealed that the identical group of hackers was behind one other zero-day exploit discovered on iOS units. This exploit, recognized as “CVE-​2021-1879,” allowed hackers to gather login data from varied web sites, together with Google, Microsoft, LinkedIn, Fb, and Yahoo.

This exploit would flip off Similar-Origin-Coverage protections with a purpose to accumulate authentication cookies from a number of well-liked web sites, together with Google, Microsoft, LinkedIn, Fb and Yahoo and ship them through WebSocket to an attacker-controlled IP. The sufferer would wish to have a session open on these web sites from Safari for cookies to be efficiently exfiltrated.

For these unfamiliar with the time period, a zero-day exploit is principally a newly found vulnerability that the repair remains to be unknown to the builders. Apple subsequently patched this safety breach with iOS 14.4.2, however it’s nonetheless spectacular that hackers have been in a position to run malicious code on newly launched variations of iOS.

See also  Samsung and Google are working to streamline setting up Matter smart home devices

The report notes that zero-day vulnerabilities have gotten extra frequent. Within the first half of this yr alone, Google’s Challenge Zero discovered 33 exploits utilized by hackers, in comparison with 22 exploits in the identical interval final yr. A part of this can be associated to the “elevated provide of zero-days from personal corporations promoting exploits.”

Though working the most recent model of software program is all the time probably the greatest methods to guard your self in opposition to hackers, it’s all the time essential to concentrate on the content material you entry on the internet with a purpose to keep away from assaults.

FTC: We use earnings incomes auto affiliate hyperlinks. Extra.


Try 9to5Mac on YouTube for extra Apple information:

Source link

Allowed Devices exploit Extract hackers information iOS login SolarWinds ZeroDay
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Joe Biden Wants Hackers’ Help to Keep AI Chatbots in Check

May 7, 2023

It’s 2023 and Spotify Still Can’t Say When AirPlay 2 Support Will Arrive

April 4, 2023

YouTube adds very convenient iPhone homescreen widgets

October 15, 2022

Google finishes iOS 16 Lock Screen widgets rollout w/ Maps

October 14, 2022
Add A Comment

Comments are closed.

Editors Picks

The Final of Us Remake has gone gold forward of launch date

July 16, 2022

Generative AI Is Making Companies Even More Thirsty for Your Data

August 10, 2023

How To Discover The Right Timing For Your Innovative Idea

July 7, 2022

Viofo A229 Plus 3-channel review

January 8, 2024

Subscribe to Updates

Get the latest news and Updates from Behind The Scene about Tech, Startup and more.

Top Post

Elementor #32036

The Redmi Note 13 is a bigger downgrade compared to the 5G model than you might think

Xiaomi Redmi Watch 4 is a budget smartwatch with a premium look and feel

Behind The Screen
Facebook Twitter Instagram Pinterest Vimeo YouTube
  • Contact
  • Privacy Policy
  • Terms & Conditions
© 2025 behindthescreen.uk - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.