iOS Zero-Day Let SolarWinds Hackers Compromise Fully Updated iPhones
Thursday July 15, 2021. 02:45 AM , from Slashdot/Apple
The campaign closely tracks to one Microsoft disclosed in May. In that instance, Microsoft said that Nobelium -- the name the company uses to identify the hackers behind the SolarWinds supply chain attack -- first managed to compromise an account belonging to USAID, a US government agency that administers civilian foreign aid and development assistance. With control of the agency's account for online marketing company Constant Contact, the hackers could send emails that appeared to use addresses known to belong to the US agency. In an email, Shane Huntley, the head of Google's Threat Analysis Group, confirmed the connection between the attacks involving USAID and the iOS zero-day, which resided in the WebKit browser engine.
Read more of this story at Slashdot.
Aug, Sun 1 - 08:32 CEST