Update Your Apple Products ASAP


Will Young

In an ongoing effort to secure its products against cyber threats, Apple has patched three new zero-day vulnerabilities that were under active exploitation. Attackers weaponized these vulnerabilities to install Triangulation spyware on iPhones using zero-click exploits in iMessage.

The kernel and WebKit vulnerabilities, tracked as CVE-2023-32434 and CVE-2023-32435, had the potential to be actively exploited against iOS versions released before iOS 15.7, according to Apple. This indicates that the affected devices were under potential threat until Apple rolled out these patches.

These security loopholes were not left unnoticed by the cybersecurity community. In fact, they were uncovered and reported by a team of security researchers from Kaspersky: Georgy Kucherin, Leonid Bezvershenko, and Boris Larin. In a detailed report, Kaspersky unveiled more about an iOS spyware component being used in a campaign it tracks under the code name “Operation Triangulation”.

Intriguingly, the “TriangleDB” implant, as it was dubbed by Kaspersky, is cleverly designed software that launches after the attackers gain root privileges on the targeted iOS device. This is achieved by exploiting a kernel vulnerability. The implant is deployed in memory, which means that all traces of the implant are wiped out when the device is rebooted. Consequently, if the user reboots their device, the attackers have to reinfect it by sending a malicious iMessage, thereby launching the exploitation process all over again.

These sophisticated attacks, according to Kaspersky, began in 2019 and continue to this day. Some iPhones on Kaspersky’s network were the targets, infected with previously unknown spyware via iMessage zero-click exploits that took advantage of iOS zero-day bugs.


In a surprising development, Russia’s FSB intelligence and security agency claimed that Apple had colluded with the NSA, providing a backdoor that helped infect iPhones in Russia with spyware. Apple swiftly dismissed these allegations, with a spokesperson asserting that the company had never collaborated with any government to insert a backdoor into any Apple product.

Adding to its patching efforts, Apple also addressed another WebKit zero-day vulnerability, CVE-2023-32439. Reported by an anonymous researcher, this vulnerability could have allowed attackers to execute arbitrary code on unpatched devices by exploiting a type confusion issue.

Apple has tackled these security issues across multiple versions of its operating systems, including iOS 16.5.1, iPadOS 16.5.1, and watchOS 9.5.2 and 8.8.1. The fixes involve improved checks, input validation, and better state management.

The range of devices affected by these zero-day vulnerabilities spans a wide spectrum, from older models to the latest, including different models of iPhones, iPads, Macs, and Apple Watches.

Since the start of this year, Apple has patched a total of nine zero-day vulnerabilities that were actively being exploited to compromise iPhones, Macs, and iPads. This ongoing endeavour reflects Apple’s commitment to safeguarding its products against an array of threats in the cyber landscape.
