The year 2024 is one of the years in which the highest number of cyberattacks have been received. Aimed at specific companies, governments, public figures… Among hackers and scammers, there are two levels. We could say the “low level”, where we find the WhatsApp, Wallapop, Bizum scams… Then we have the “high level”, which are aimed at governments. One of the The most famous case was that of the famous Pegasus softwareor the North Korean spy infiltrated into a company.
This time we are going to Russia, where for months they have been bombing with Attacks on Safari and Chrome on iPhone and Macthrough some vulnerabilities that we all had in our devices. Moreover, behind this whole story, there is a very important moral to apply.
For nine months, Russian hackers attacked thousands of iPhones and Macs
Between November 2023 and July 2024, Russian hackers linked to the APT29 group (also known as Midnight Blizzard) were discovered to be exploiting vulnerabilities in Safari and Chrome to attempt to infect devices such as iPhones and Macs. security flaws had already been fixed by Apple in previous versions of the software, but there are thousands of iPhones and Macs that never get updated to the latest version of the software.
These attacks were quite intense, but ordinary people can rest assured: they focused on government websites and used a technique known as “water attack”. What does it consist of? Well, it works like this: instead of attacking people directly, popular web pages are compromised so that when someone visits them, their device is infected with malware without them knowing. It’s like putting a trap in a place where you know your target will arrive.
Here are the affected iOS and macOS versions
- CVE-2023-41993: A vulnerability in WebKit, the Safari engine, that allowed arbitrary code execution when processing malicious web content. Apple fixed this bug in iOS 16.7 and Safari 16.6.1 in September 2023. However, devices that were not updated were exposed to this attack.
- CVE-2024-4671: An issue in Chrome’s visual component that affected both macOS and iOS users. Google released a patch in May 2024, but many unpatched devices remain vulnerable.
- CVE-2024-5274: A security vulnerability in Chrome’s V8 JavaScript and WebAssembly engine that also affected Apple devices. This issue was fixed in May 2024 in newer versions of Chrome for macOS and iOS.
You should always update whether or not you are a target of a hacker
This time, the Russian hackers only wanted to obtain government information. We say “only” because, even if It is important for the national security of any countryThis does not affect us directly. However, hackers can (and will) take advantage of any situation.
This time we ordinary citizens were lucky, but next time we may not be so lucky. That is why It is crucial to update our devices and applications. Not only to enjoy the latest features, like those coming with iOS 18 or macOS Sequoia, but also for all the bug fixes and security patches that go unnoticed but are very important.
Apple pays special attention to this, and that’s why it even continues to update devices that are not compatible with the latest versions, Launch of versions for devices considered vintagelike the iPhone 7 or iPhone 8. So it’s always a good time to go to Settings > General > Software Update to make sure you’re running the latest version. Do you check it out?
Cover Image | Free Pik
Source | Google Vulnerability Report
In Applesfera | To protect yourself from security breaches, on iPhone there is a very simple solution
In Applesfera | iPhone 16: release date, price, models and everything we think we know about them
