Apple Releases Emergency Updates for Actively Exploited Vulnerabilities in Safari, iOS, and macOS

essidsolutions
  • Apple has released patches for the actively exploited zero-day vulnerabilities CVE-2023-32434 and CVE-2023-32435, which affect devices running iOS versions earlier than 15.7.
  • Researchers from the cybersecurity firm Kaspersky discovered malicious actors exploiting the flaws to target the iMessage app.

Apple released emergency patches for a pair of new zero-day vulnerabilities on the iOS, macOS, iPadOS, Safari, and watchOS platforms following an alert by Kaspersky researchers Leonid Bezvershenko, Georgy Kucherin, and Boris Larin. The flaws, CVE-2023-32434 and CVE-2023-32435, have been exploited since 2019 and affect Apple devices running iOS versions earlier than 15.7.

  • CVE-2023-32434 is an integer overflow vulnerability in the kernel that can be exploited to run arbitrary code with kernel privileges.
  • CVE-2023-32435 is a memory corruption vulnerability in WebKit that allows arbitrary code execution when processing crafted web content.

Both zero-day vulnerabilities have been used by unknown parties in a mobile surveillance operation called ‘Operation Triangulation.’ Kaspersky identified the flaws by dissecting a spyware implant called TriangleDB, which targeted iOS devices through the iMessage app using an attachment that exploits a remote code execution (RCE) vulnerability.


TriangleDB Implant Extracts Root Permission on Targeted Devices

The exploit code, delivered as an attachment via iMessage, runs to obtain root privileges on the targeted device, which in turn allows a backdoor to be deployed in the device's memory. The initial message is then deleted to remove any traces of such activity through a device reboot.

The malicious code also provides sophisticated device tracking and data collection capabilities. These include file modification and removal, victim credential extraction, and geolocation monitoring. Furthermore, the code, written in Objective-C, is designed to self-destruct 30 days after infection.

Apple also patched another zero-day vulnerability (CVE-2023-32439) that anonymous researchers reported. The WebKit vulnerability allows attackers to execute arbitrary code on unpatched devices through a type confusion exploit.

Apple operating systems are often a target for malicious actors, requiring frequent patch updates from the company. In early June, the Russian Federal Security Service accused Apple of working with the U.S. NSA after discovering the malware in several devices, an accusation that the company refuted.

The new updates are available for devices running the following platforms: iOS 16.5.1, iPadOS 16.5.1, iOS 15.7.7, iPadOS 15.7.7, macOS Ventura 13.4.1, macOS Monterey 12.6.7, macOS Big Sur 11.7.8, watchOS 9.5.2, watchOS 8.8.1, and Safari 16.5.1.

iPhone users can patch their devices by going to Settings – General – Software Update, while Mac users can get the updates through the Apple menu icon – System Preferences – Software Update.
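For teams managing many devices, the release list above can be turned into an inventory check. The following is an added example, not Apple's or Kaspersky's tooling: it compares each device's OS version against the fixed release on its own branch. The inventory format, host names and status labels are assumptions, and Safari is left out because it is versioned separately from the OS.

```python
# Added example: first fixed release per (platform, major version),
# taken from the release list in this article.
FIXED = {
    ("iOS", 16): (16, 5, 1), ("iOS", 15): (15, 7, 7),
    ("iPadOS", 16): (16, 5, 1), ("iPadOS", 15): (15, 7, 7),
    ("macOS", 13): (13, 4, 1), ("macOS", 12): (12, 6, 7),
    ("macOS", 11): (11, 7, 8),
    ("watchOS", 9): (9, 5, 2), ("watchOS", 8): (8, 8, 1),
}

def parse_version(text):
    """Turn '16.5' into (16, 5, 0) so that 16.5 sorts below 16.5.1."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def patch_status(platform, version):
    """Return 'patched', 'needs-update' or 'no-fix-listed'."""
    v = parse_version(version)
    branches = [major for (p, major) in FIXED if p == platform]
    if not branches:
        raise ValueError(f"unknown platform: {platform!r}")
    if v[0] > max(branches):
        # Assumption: branches newer than those listed include the fixes.
        return "patched"
    fixed = FIXED.get((platform, v[0]))
    if fixed is None:
        # Older branch: the article lists no fixed release for it.
        return "no-fix-listed"
    return "patched" if v >= fixed else "needs-update"

def audit(inventory_csv):
    """Evaluate 'host,platform,version' lines; return a list of result rows."""
    rows = []
    for line in inventory_csv.strip().splitlines():
        host, platform, version = [f.strip() for f in line.split(",")]
        rows.append((host, platform, version, patch_status(platform, version)))
    return rows

# Constructed sample inventory (hypothetical hosts, not from the article).
SAMPLE = """
phone-01,iOS,16.5
phone-02,iOS,15.7.7
tablet-01,iPadOS,14.8.1
mac-01,macOS,13.4.1
mac-02,macOS,12.6.6
watch-01,watchOS,9.5.2
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Devices reported as `no-fix-listed` are on a branch with no fixed release in the list above and need a major-version upgrade or separate review.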
