Apple issues fix for ‘Triangulation’ spyware vulnerability

By Nick Heyman On Jun 23, 2023

New security flaws within Apple’s software platforms have officially been patched out by the tech giant, as highlighted on its support page. The vulnerabilities, known as zero-day exploits, were first discovered by Kaspersky researchers.

The updates address CVE-2023-32434 (Kernel) and CVE-2023-32435 (WebKit), and are currently being pushed out across Apple’s ecosystem of devices. The vulnerabilities have been exploited in attacks that install so-called “Triangulation” spyware, according to Kaspersky.

“Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7,” the company said when addressing the vulnerabilities.

Kaspersky security researcher Boris Larin, who helped discover the vulnerability, has taken to Twitter with the recommendation to update all impacted Apple devices as soon as possible.

Today Apple released updates for CVE-2023-32434 (Kernel) and CVE-2023-32435 (WebKit) in-the-wild zero-days which were discovered by us (@kucher1n, @bzvr_ and yours truly) in the #iOSTriangulation attacks. Update your iOS/iPadOS/macOS/watchOS now! pic.twitter.com/w1HxJwq4GO

— Boris Larin (@oct0xor) June 21, 2023

In a new report published by Kaspersky, the security company goes into detail regarding the use of the vulnerabilities in what it has dubbed “Operation Triangulation.”

“The implant, which we dubbed TriangleDB, is deployed after the attackers obtain root privileges on the target iOS device by exploiting a kernel vulnerability. It is deployed in memory, meaning that all traces of the implant are lost when the device gets rebooted,” Kaspersky says.

Upon release of the Kaspersky report, Russia’s Federal Security Service (FSB) came forward with the claim that Apple provided the National Security Agency (NSA) with a backdoor to the exploit.

Specifically, the Russian government alleges that its American counterpart used the vulnerability to inject spyware into iPhones owned by Russian officials.

Source: Apple, Kaspersky Via: BleepingComputer

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TheDailyCheck is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected] The content will be deleted within 24 hours.