Government-Supported Hackers Are Targeting iPhone, MacBook Users, Alleges Google
Google has discovered a series of attacks by hackers that targeted Apple users on Macs and iPhones. The company has shared that the hackers behind the attack are “a well-resourced group” and that this campaign may also be backed by some government.
The discovery was made by Google’s Threat Analysis Group (TAG) and shared in a recent blog post. In the post, Google writes that its TAG team discovered the attacks in late August this year. The zero-day attacks were quickly reported to Apple, which has now rolled out a fix for them.
The attacks exploited two main vectors on Apple devices – macOS Catalina, and Safari on iOS and macOS. The first was compromised through a zero-day vulnerability (that is, a previously unknown vulnerability) tracked as CVE-2021-30869. After TAG informed Apple of this security issue, Apple released a patch for it on September 23. On Safari, the attacks exploited previously known security issues in its WebKit rendering engine.
As per the Google security team, these were “watering hole” attacks, meaning they were targeted at a specific group of end-users through infected websites that such users are known to visit. In this case, these websites were those of a media outlet and a political group in Hong Kong.
The target group was Apple device users that wanted to know about the political proceedings in Hong Kong.
Once a target user visited these websites, the attackers installed a backdoor on their systems using the vulnerabilities mentioned above. As per the post by TAG, this backdoor could be used for a range of activities, including audio and screen capture, download and upload of files, recording everything typed (through a keylogger), and executing terminal commands on the victim computer.
The blog post notes that Apple has added “generic protections in Big Sur,” which protect that operating system from the exploit. The exploit is thus confined to Catalina, but since Apple still supports that release, it had to push the security updates for it. Google noted “Apple’s quick response” in the blog and credited the company for the “patching of this critical vulnerability.”
Google has been active in finding such zero-day vulnerabilities on its own and other systems lately. In September, the company patched zero-day risks on Chrome that affected Windows, Mac and Linux users through the rollout of the Chrome 94.0.4606.61 stable channel. You can read all about the critical patch here.