In recent news, the hackers behind the SolarWinds supply chain attack last year discovered an iOS vulnerability hence making millions of iPhones across the globe susceptible to receive cyber attacks. This cyber-attack was initially a part of an email campaign aimed at stealing web security credentials from Western European governments.
These hackers have also sent malware to Windows users on numerous occasions. According to cybersecurity researchers, Maddie Stone and Clement Lecigne, a Russian government-backed actor exploited the iOS vulnerability in order to send malicious messages to government officials via LinkedIn.
This attack has targeted iOS versions 12.4 till 13.7 which redirected users to domains that installed malicious payloads despite the iPhones being fully updated. The payloads would collect authentication cookies from numerous websites such as Google, LinkedIn, Facebook, and Yahoo and then send them to the hacker via a WebSocket.
This attack normally happened to users which used browsers such as Firefox and Chrome and had site location enabled. So far Apple has not released any security patch for the iPhones but it is expected that the patch will come around real soon.