According to The Hacker News , the new update from Apple has patched two Zero-Day vulnerabilities that were used in the mobile surveillance campaign Operation Triangulation since 2019. It is unclear which organization is behind this campaign.
Apple said these two vulnerabilities (CVE-2023-32434 and CVE-2023-32435) may have been actively exploited on versions before iOS 15.7, noting that three Kaspersky researchers, Georgy Kucherin, Leonid Bezvershenko and Boris Larin, reported them.
Russian cybersecurity vendors have dissected spyware used in a zero-click attack campaign that targeted iOS devices via iMessages with attachments that exploited a remote code execution (RCE) vulnerability.
The exploit is designed to download additional components to gain root privileges on the device, then deploy a memory backdoor and delete iMessages to remove traces of infection.
The implant, called TriangleDB, leaves no trace after rebooting the device. It is capable of collecting and tracking a variety of data. TriangleDB can interact with the device's file system (create, modify, extract, and delete), manage processes, extract entries to collect login credentials, and monitor the victim's geolocation...
New update fixes 9 zero-day vulnerabilities in Apple products
Kaspersky has also released a utility called “triangle_check” that organizations can use to scan iOS device backups and look for signs of compromise on their devices.
Apple also patched a third Zero-Day, CVE-2023-32439, which was reported anonymously, exploiting the bug to allow hackers to execute arbitrary code when the browser accesses malicious web content.
Updates are available for iOS/iPadOS 16.5.1 platforms for iPhone 8 and later, iPad Pro, iPad Air 3, iPad Gen 5, and iPad mini Gen 5 and later. Older models such as iPhone SE, iPhone 6s, iPod Touch Gen 7, iPad Air 2... are also updated to iOS 15.7.7 and iPadOS 15.7.7.
On wearables, Apple released watchOS 9.5.2 for Series 4 and later, along with watchOS 8.1.1 for Apple Watch Series 3 to Watch SE. Safari was also updated to version 16.5.1 on macOS Monterey.
With the latest update, Apple has addressed a total of nine Zero-Day vulnerabilities in its products since the beginning of the year.
Source link
![[Photo] General Secretary To Lam attends the 50th anniversary of the founding of the Vietnam National Industry and Energy Group](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/9/21/bb0920727d8f437887016d196b350dbf)
![[VIDEO] 50 years of Petrovietnam: Keeping the legacy alive, creating national energy](https://vphoto.vietnam.vn/thumb/402x226/vietnam/resource/IMAGE/2025/9/20/dff4ddb3d15a4076ba5f67fcdc6c7189)
Comment (0)