According to The Hacker News, Apple's latest update has patched two zero-day vulnerabilities that were used in the mobile surveillance campaign Operation Triangulation since 2019, although it is unclear which organization was behind this campaign.
Apple says these two vulnerabilities (CVE-2023-32434 and CVE-2023-32435) may have been actively exploited on versions prior to iOS 15.7, noting that three Kaspersky researchers, Georgy Kucherin, Leonid Bezvershenko, and Boris Larin, reported them.
Russian cybersecurity providers have dissected spyware used in a zero-click attack targeting iOS devices via the iMessage app, with attachments exploiting remote code execution (RCE) vulnerabilities.
The exploit code is designed to download additional components to gain high privileges on the device, then deploy a backdoor in memory and delete iMessages to erase traces of infection.
The implant, called TriangleDB, leaves no trace after the device restarts. The program is capable of collecting and monitoring a wide variety of data. TriangleDB can interact with the device's file system (creating, modifying, extracting, and deleting), manage processes, extract items to collect login information, and monitor the victim's geographic location...
The new update has fixed 9 zero-day bugs in Apple products.
Kaspersky has also released a utility called "triangle_check," which organizations can use to scan iOS device backups and look for signs of compromise on their devices.
Apple has also patched a third zero-day vulnerability, CVE-2023-32439, which was reported anonymously. This vulnerability allows hackers to execute arbitrary code when the browser accesses malicious web content.
Updates are available as iOS 16.5.1 and iPadOS 16.5.1 for iPhone 8 and later, iPad Pro, iPad Air 3, iPad Gen 5, and iPad mini Gen 5 and later. Older models such as iPhone SE, iPhone 6s, iPod Touch Gen 7, iPad Air 2, etc., will also receive the iOS 15.7.7 and iPadOS 15.7.7 updates.
On wearable devices, Apple released watchOS 9.5.2 for the Series 4 and later models, along with watchOS 8.1.1 for the Apple Watch Series 3 to Watch SE. The Safari browser was also updated to version 16.5.1 on macOS Monterey.
With the latest update, Apple has addressed a total of nine zero-day vulnerabilities in its products since the beginning of the year.