Security22.06.2023

Apple fixes zero-day flaws used to install triangulation spyware on iPhones

Apple has addressed three zero-day vulnerabilities used to install triangulation spyware on iPhones via iMessage no-click exploits.

The security flaws were discovered and reported by Kaspersky researchers Boris Larin, Georgy Kucherin, and Leonid Bezvershenko.

“Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7,” the Cupertino-based company said in its security update notes.

“An app may be able to execute arbitrary code with kernel privileges.”

Kaspersky also published a report with further details on an iOS spyware campaign dubbed “Operation Triangulation”.

It said the implant — known as TriangleDB — can be deployed once attackers obtain root privileges on a target device by exploiting the kernel vulnerability.

“It is deployed in memory, meaning that all traces of the implant are lost when the device gets rebooted,” Kaspersky said.

“Therefore, if the victim reboots their device, the attackers have to reinfect it by sending an iMessage with a malicious attachment, thus launching the whole exploitation chain again.”

“In case no reboot occurs, the implant uninstalls itself after 30 days, unless this period is extended by the attackers,” it added.

According to the cybersecurity firm, attacks leveraging the vulnerabilities started in 2019 and are ongoing.

Russia’s FSB intelligence and security agency claims that Apple provided the National Security Agency with a backdoor to infect iPhones in Russia with spyware.

However, an Apple spokesperson told Bleeping Computer that the company has and will never work with any government to offer a backdoor to any Apple product.


Now read: Asus warns users to install update for major router security flaws immediately

Show comments

Latest news

More news

Trending news

Sign up to the MyBroadband newsletter