At the Chaos Communication Congress in late December, representatives from Kaspersky revealed details of Operation Triangulation, a set of iPhone exploits described as “the most sophisticated attack chain [the researchers have] already seen.”
Designed to target iPhones running iOS 16.2 or earlier, the Operation Triangulation attack is launched with an iMessage text containing a malicious spyware attachment that executes automatically without user interaction (a “zero click” attack). The spyware then takes advantage of four iOS vulnerabilities to allow the execution of arbitrary code.
The four vulnerabilities include one documented as CVE-2023-38606, and Kaspersky points out that this allowed attackers to bypass the kernel hardware security of iPhone chips from the A12 to the A16 Bionic. Apple provided a security patch for this vulnerability in iOS 16.6 as well as iOS 15.7.8.
These four vulnerabilities have also been fixed in macOS and iPadOS. The other three vulnerabilities exploited by Operation Triangulation include:
Kaspersky first reported on Operation Triangulation in July 2023, when the company’s employees were targets of attacks. Kaspersky’s original report described how the targets were attacked, while the CCC presentation provided details on the effects of the attack and the vulnerabilities it uses.
Viruses and malware on iPhone are rare, but no device is completely invulnerable. Apple urges users to update to the most recent version of iOS supported by a device to ensure the latest security patches are installed.