Safari Zero-Day Used in Malicious LinkedIn Campaign

[silversurfer]

Threat actors used a Safari zero-day flaw to send malicious links to government officials in Western Europe via LinkedIn before researchers from Google discovered and reported the vulnerability.
 
That’s the word from researchers from Google Threat Analysis Group (TAG) and Google Project Zero, who Wednesday posted a blog shedding more light on several zero-day flaws that they discovered so far this year. Researchers in particular detailed how attackers exploited the vulnerabilities—the prevalence of which are on the rise–before they were addressed by their respective vendors.
 
TAG researchers discovered the Safari WebKit flaw, tracked as CVE-​2021-1879, on March 19. The vulnerability allowed for the processing of maliciously crafted web content for universal cross site scripting and was addressed by Apple in an update later that month.
 
Before the fix, researchers assert Russian-language threat actors were exploiting the vulnerability in the wild by using LinkedIn Messaging to send government officials from Western European countries malicious links that could collect website-authentication cookies, according to the post by Maddie Stone and Clement Lecigne from Google TAG.
 
“If the target visited the link from an iOS device, they would be redirected to an attacker-controlled domain that served the next-stage payloads,” they wrote.

Read more: Safari Zero-Day Used in Malicious LinkedIn Campaign | Threatpost