Posted 21 June 2023 - 04:27 PM
This is exactly when and how it started. Issues with my iPhone, iCloud, apps and Mac Book. One thing lead to another compromising PC, laptops, and other devices
Apple fixes zero-days used to deploy Triangulation spyware via iMessage
Apple addressed three new zero-day vulnerabilities exploited in attacks installing Triangulation spyware on iPhones via iMessage zero-click exploits.
"Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7," the company says when describing Kernel and WebKit vulnerabilities tracked as CVE-2023-32434 and CVE-2023-32435.
The two security flaws were found and reported by Kaspersky security researchers Georgy Kucherin, Leonid Bezvershenko, and Boris Larin.
Kaspersky also published a report earlier today with additional details on an iOS spyware component used in a campaign the cybersecurity company tracks as "Operation Triangulation."
"The implant, which we dubbed TriangleDB, is deployed after the attackers obtain root privileges on the target iOS device by exploiting a kernel vulnerability. It is deployed in memory, meaning that all traces of the implant are lost when the device gets rebooted," Kaspersky said today.
"Therefore, if the victim reboots their device, the attackers have to reinfect it by sending an iMessage with a malicious attachment, thus launching the whole exploitation chain again. In case no reboot occurs, the implant uninstalls itself after 30 days, unless this period is extended by the attackers.
Used by U.S. state hackers per FSB claims
The attacks started in 2019 and are still ongoing, according to Kaspersky, who reported in early June that some iPhones on its network were infected with previously unknown spyware via iMessage zero-click exploits that exploited iOS zero-day
Apple also patched today a WebKit zero-day vulnerability (CVE-2023-32439) reported by an anonymous researcher that can let attackers gain arbitrary code execution on unpatched devices by exploiting a type confusion issue.
The list of affected devices is quite extensive, as the zero-day affects older and newer models.
Since the start of the year, Apple has patched a total of 9 zero-day vulnerabilities that were exploited in the wild to compromise iPhones, Macs, and iPads.
Last month, the company fixed three more zero-days (CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373), the first reported by Google Threat Analysis Group and Amnesty International Security Lab researchers and likely used to install commercial spyware.