Apple has just released updates for iOS, iPadOS, macOS, watchOS, and Safari browsers to patch a series of vulnerabilities that are believed to have been exploited.
According to The Hacker News, a new update from Apple has patched two Zero-Day vulnerabilities that have been used in the mobile surveillance campaign Operation Triangulation since 2019, it is not clear which organization is behind this campaign.
researchers, Georgy Kucherin Apple says that these two vulnerabilities (CVE-2023-32434 and CVE-2023-32435) may have been actively exploited on versions prior to iOS 15.7, noting three Kaspersky, Leonid Bezvershenko, and Boris Larin reported them.
Russian cybersecurity service providers have dissected spyware used in a clickless attack campaign that targeted iOS devices via the iMessage app with exploit attachments. remote code execution (RCE) vulnerability.
The exploit is designed to download additional components to get the most out of the device, then deploy an in-memory backdoor and delete iMessages to remove traces of infection.
The implant called TriangleDB leaves no trace after the device reboot. The program has the ability to collect and track a variety of data. TriangleDB can interact with the device’s file system (create, modify, extract, and delete), manage processes, extract entries to collect login information, and monitor the geolocation of the device. victim
Kaspersky has also released a utility called “triangle_check”, which organizations can use to scan iOS device backups and look for signs of compromise on their devices.
Apple also patched the third Zero-Day bug, CVE-2023-32439, which was reported anonymously, exploiting this bug to give hackers the ability to execute arbitrary code when the browser accesses malicious web content.
Updates are available for iOS/iPadOS 16.5.1 platforms for iPhone 8 and later, iPad Pro, iPad Air 3, iPad Gen 5, and iPad mini Gen 5 and later. Older models such as iPhone SE, iPhone 6s, iPod Touch Gen 7, and iPad Air 2 are also updated to iOS 15.7.7 and iPadOS 15.7.7.
In wearables, Apple released watchOS 9.5.2 for the series 4 and later, along with watchOS 8.1.1 for the Apple Watch Series 3 to Watch SE. Safari browser is also updated to version 16.5.1 on macOS Monterey.
With the latest update, Apple has resolved a total of 9 Zero-Day vulnerabilities in its products since the beginning of the year