Apple has officially patched new security flaws in its software platforms, as highlighted on its support page. These vulnerabilities, known as zero-day exploits, were first discovered by Kaspersky researchers.
The updates address CVE-2023-32434 (Kernel) and CVE-2023-32435 (WebKit) and are currently being rolled out across Apple devices. Kaspersky reported that these vulnerabilities have been exploited in attacks using “Triangulation” spyware.
“Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7,” the company stated in reference to the vulnerabilities.
Boris Larin, a security researcher at Kaspersky who helped discover the vulnerability, has recommended on Twitter that all affected Apple devices should be updated as soon as possible.
Today Apple released updates for CVE-2023-32434 (Kernel) and CVE-2023-32435 (WebKit) in-the-wild zero-days which were discovered by us (@kucher1n, @bzvr_ and yours truly) in the #iOSTriangulation attacks. Update your iOS/iPadOS/macOS/watchOS now! pic.twitter.com/w1HxJwq4GO
— Boris Larin (@oct0xor) June 21, 2023
In a new report published by Kaspersky, the security company provides detailed information about the use of these vulnerabilities in what they call “Operation Triangulation.”
“The implant, which we dubbed TriangleDB, is deployed after the attackers obtain root privileges on the target iOS device by exploiting a kernel vulnerability. It is deployed in memory, meaning that all traces of the implant are lost when the device is rebooted,” explains Kaspersky.
In response to the Kaspersky report, Russia’s Federal Security Service (FSB) has claimed that Apple provided the National Security Agency (NSA) with a backdoor to the exploit. The Russian government specifically alleges that the NSA used the vulnerability to inject spyware into iPhones owned by Russian officials.
Source: Apple, Kaspersky Via: BleepingComputer
Denial of responsibility! SamacharCentrl is an automatic aggregator of Global media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials to their authors. For any complaint, please reach us at – [email protected]. We will take necessary action within 24 hours.
Deepak Sen is a tech enthusiast who covers the latest technological innovations, from AI to consumer gadgets. His articles provide readers with a glimpse into the ever-evolving world of technology.