Apple is introducing new security updates to fix critical vulnerabilities in its system that were being attacked by Triangulation spyware.
“Operation Triangulation” used vulnerabilities identified as CVE-2023-32434 and CVE-2023-32435 to make targeted attacks via iMessage through a zero-click exploit (meaning victims didn’t even have to interact with the scam).
“The implant, which we dubbed TriangleDB, is deployed after the attackers obtain root privileges on the target iOS device by exploiting a kernel vulnerability. It is deployed in memory, meaning that all traces of the implant are lost when the device gets rebooted,” said antivirus company Kaspersky, which reported on the vulnerabilities earlier this week.
“Therefore, if the victim reboots their device, the attackers have to reinfect it by sending an iMessage with a malicious attachment, thus launching the whole exploitation chain again. In case no reboot occurs, the implant uninstalls itself after 30 days, unless this period is extended by the attackers.”
“Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7,” said an Apple spokesperson.
A third vulnerability, CVE-2023-32439, was discovered more recently by an anonymous researcher, which Apple took steps to address.
Emergency updates were rolled out for Apple products to patch the vulnerabilities. Update iOS 15.7.7 resolves the threat for iPad Air, iPad Air 2, iPhone 6s, iPhone 7, 1st generation iPhone SE, and the 7th generation iPod Touch. iOS 16.5.1 fixes the problem for newer models of Apple products.
macOS Big Sur 11.7.8, macOS Ventura 13.4.1, and macOS Monterey 12.6.7 was also released for Mac users.
Without running the newest security update for your Apple product, you’re exposing yourself to this critical vulnerability, make sure you have automatic updates turned on and that you’re running the most recent version of your Apple product.