A newly uncovered zero-day exploit impacting older versions of iOS was leveraged by Russia-backed hackers in a campaign that targeted officials of Western European governments. Outlined by Google's Threat Analysis team in a report on Wednesday, the attack involved messages sent to government officials over LinkedIn. Victims who visited a provided link on their iOS device would be redirected to a domain that served up an initial malicious payload that subsequently examined device authenticity. After multiple validation checks were satisfied, a final payload containing the CVE-2021-1879 exploit was downloaded and used to bypass certain security protections. According to Google, the zero-day turned off Same-Origin-Policy safeguards, or protections that prevent malicious scripts from collecting data on the web. By disabling the defense, hackers were able to gather website authentication information from Google, Microsoft, LinkedIn, Facebook, Yahoo and others before sending it on to an attacker-controlled IP, the report said.