Apple has taken action to address three newly discovered zero-day vulnerabilities that were exploited to install Triangulation spyware on iPhones. The company acknowledged two of them, CVE-2023-32434 and CVE-2023-32435, and confirmed that they were exploited in attacks on iOS versions released prior to iOS 15.7. Kaspersky security researchers Georgy Kucherin, Leonid Bezvershenko, and Boris Larin discovered and reported these security flaws.
Unveiling The Operation Triangulation
Kaspersky recently published a report shedding light on a spyware campaign known as “Operation Triangulation.” The campaign involves the deployment of TriangleDB, an iOS spyware component, which is activated after attackers gain root privileges on targeted iOS devices by exploiting a kernel vulnerability. TriangleDB operates only in the device’s memory, so little trace of it remains once the device is rebooted. To maintain control after a restart, the attackers must reinfect the device by sending another malicious iMessage attachment. If no reboot occurs, the implant automatically uninstalls itself after 30 days, unless the attackers extend that period.
Ongoing Attacks and Allegations
These attacks have been ongoing since 2019, according to Kaspersky. The cybersecurity company recently reported that iPhones connected to its network were infected with previously unknown spyware via iMessage zero-click exploits, leveraging iOS zero-day vulnerabilities. Kaspersky disclosed that its Moscow office and employees in other countries were impacted by the attack. Furthermore, Russia’s FSB intelligence and security agency claimed that Apple collaborated with the NSA to create a backdoor that facilitated the infection of iPhones in Russia with spyware.
The FSB alleged that thousands of infected iPhones were discovered among Russian government officials and embassy staff in countries such as Israel, China, and NATO member nations. Apple categorically denied these claims, stating that they have never worked with any government to insert backdoors into their products and have no intentions of doing so.
Apple’s Response and Patching Efforts
Apple has promptly addressed the three zero-day vulnerabilities by releasing patches in various software versions. The WebKit zero-day vulnerability, CVE-2023-32439, reported by an anonymous researcher, has also been fixed. This vulnerability allowed attackers to execute arbitrary code on unpatched devices by exploiting a type confusion issue.
The affected software versions that received patches include macOS Ventura 13.4.1, macOS Monterey 12.6.7, macOS Big Sur 11.7.8, iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, watchOS 9.5.2, and watchOS 8.8.1. Apple’s updates include improved checks, input validation, and state management to enhance overall security.
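The patched builds above span several major-version branches, and a naive "newer is safer" comparison gets that wrong: iOS 16.0 is numerically higher than iOS 15.7.7 yet still lacks the fix. The following Python script is an added example, not code from the article, Apple, or Kaspersky; it takes the fixed-build list from the paragraph above and checks a fleet inventory branch by branch. The inventory rows and device names are constructed sample data, and a branch with no fixed build in the list (for example iOS 14) is reported as unsupported rather than patched.

```python
"""Branch-aware check of whether an Apple OS build carries the June 2023 fixes.

Added example for illustration; the patched-release table is transcribed from
the article's list of fixed builds, everything else is constructed.
"""

# Minimum patched release per (platform, major-version branch). Each branch
# received its own fix, so a build must be compared only within its branch.
PATCHED_RELEASES = {
    ("iOS", 16): (16, 5, 1),
    ("iOS", 15): (15, 7, 7),
    ("iPadOS", 16): (16, 5, 1),
    ("iPadOS", 15): (15, 7, 7),
    ("macOS", 13): (13, 4, 1),   # Ventura
    ("macOS", 12): (12, 6, 7),   # Monterey
    ("macOS", 11): (11, 7, 8),   # Big Sur
    ("watchOS", 9): (9, 5, 2),
    ("watchOS", 8): (8, 8, 1),
}


def parse_version(text):
    """Turn '16.5.1' into (16, 5, 1); missing components are padded with zeros.

    Padding matters: '8.8' must compare as 8.8.0, which is below 8.8.1.
    """
    parts = [int(p) for p in text.strip().split(".")]
    if not parts or len(parts) > 3:
        raise ValueError(f"unrecognised version string: {text!r}")
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def patch_status(platform, version_text):
    """Classify one build as 'patched', 'vulnerable' or 'unsupported-branch'.

    'unsupported-branch' means no fixed build exists for that major version in
    the table, so the device needs an OS upgrade rather than a point update.
    """
    version = parse_version(version_text)
    minimum = PATCHED_RELEASES.get((platform, version[0]))
    if minimum is None:
        return "unsupported-branch"
    return "patched" if version >= minimum else "vulnerable"


def triage(inventory):
    """Map each (device_id, platform, version) row to its patch status."""
    return {device: patch_status(platform, version)
            for device, platform, version in inventory}


# Constructed sample inventory (hypothetical device names and builds).
SAMPLE_INVENTORY = [
    ("mac-01", "macOS", "13.4.1"),     # patched Ventura
    ("phone-02", "iOS", "16.4.1"),     # iOS 16 branch, below 16.5.1
    ("phone-03", "iOS", "15.7.7"),     # iOS 15 branch, exactly the fix
    ("watch-04", "watchOS", "8.8"),    # 8.8.0, one point release short
    ("tablet-05", "iPadOS", "17.0"),   # branch not in the fixed-build list
]

if __name__ == "__main__":
    for device, status in triage(SAMPLE_INVENTORY).items():
        print(f"{device}: {status}")
```

Run it against a CSV export from an MDM or asset system by replacing SAMPLE_INVENTORY; devices reported as "vulnerable" need the point update named in the table, while "unsupported-branch" devices fall outside every branch that received a fix and should be treated as exposed until upgraded.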
Impacted Devices
The range of impacted devices is extensive, encompassing older as well as newer models. The list of affected devices includes iPhone 8 and later, all iPad Pro models, iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later. Additionally, iPhone 6s and later models, iPhone SE (1st generation), iPad Air 2, iPad mini 4th generation, and iPod touch (7th generation) were affected.
The vulnerability also extended to Macs running macOS Big Sur, Monterey, and Ventura. Apple Watch Series 4 and later, Apple Watch Series 3, Series 4, Series 5, Series 6, Series 7, and SE were also impacted.
Continued Efforts to Mitigate Exploitation
These recent zero-day vulnerabilities add to a growing list of security flaws that Apple has addressed. Since the beginning of the year, Apple has patched a total of nine zero-day vulnerabilities that were exploited in the wild to compromise iPhones, Macs, and iPads. In the past month, Apple resolved three additional zero-day vulnerabilities (CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373), the first of which was reported by Google Threat Analysis Group and Amnesty International Security Lab researchers.
These vulnerabilities were likely exploited for the installation of commercial spyware. Earlier in April, Apple fixed two other zero-days (CVE-2023-28206 and CVE-2023-28205) used in exploit chains targeting Android, iOS, and Chrome vulnerabilities to deploy spyware against high-profile targets worldwide. In February, Apple also addressed a WebKit zero-day (CVE-2023-23529) that was leveraged to gain code execution on vulnerable iPhones, iPads, and Macs.
Conclusion
Apple has responded swiftly to address the three zero-day vulnerabilities that enabled the installation of Triangulation spyware on iPhones. By releasing patches across various software versions, Apple aims to safeguard its users against potential exploitation. The company’s commitment to improving security is evident through its ongoing efforts to patch vulnerabilities and protect its users from evolving threats. It is crucial for Apple device owners to promptly update their software to ensure the latest security enhancements are in place.
As the cybersecurity landscape continues to evolve, it is essential to stay informed about emerging threats and developments. I would highly suggest visiting our CyberSecurity section to enhance your defenses and stay ahead of evolving cyber threats.
If you found these cybersecurity updates valuable, don’t miss out on more exclusive content. Follow us on Twitter and Instagram to stay informed about emerging threats and developments. Join our community and gain access to the latest cybersecurity trends to bolster your defense against evolving risks.