At the Chaos Communication Congress in late December, representatives from Kaspersky revealed the details of Operation Triangulation, a set of iPhone exploits that was described as “the most sophisticated attack chain [the researchers have] ever seen.”
Designed to target iPhones running iOS 16.2 or earlier, the Operation Triangulation attack is initiated with an iMessage text that includes a malicious spyware attachment that runs automatically without user interaction (a “zero-click” attack). The spyware then takes advantage of four iOS vulnerabilities to allow arbitrary code execution.
The four vulnerabilities include one documented as CVE-2023-38606, and Kaspersky points out that this allowed attackers to bypass the hardware-based security for the kernel in the iPhone chips from the A12 to the A16 Bionic. Apple provided a security patch for this vulnerability in iOS 16.6 as well as iOS 15.7.8.
These four vulnerabilities were also fixed in macOS and iPadOS. The three other vulnerabilities exploited by Operation Triangulation (OT) are:
- CVE-2023-32434: An integer overflow vulnerability. Patched in iOS 16.5.1 and iOS 15.7.7.
- CVE-2023-32435: A WebKit memory corruption issue. Patched in iOS 16.4 and iOS 15.7.7.
- CVE-2023-41990: A flaw where “a font file may lead to arbitrary code execution,” according to Apple. Patched in iOS 16.3 and iOS 15.7.8.
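A fleet check built from the patch levels listed above (an added example, not code from Kaspersky or Apple): it reports which of the four CVEs a given iOS version still lacks fixes for. The function names and the sample inventory are constructed; treating iOS 17 and later as fixed, and returning `None` for branches older than iOS 15 (for which the article lists no fixed release), are assumptions.

```python
# Fixed-in versions per iOS branch, copied from the article's patch list.
FIXED_IN = {
    "CVE-2023-38606": {16: "16.6", 15: "15.7.8"},
    "CVE-2023-32434": {16: "16.5.1", 15: "15.7.7"},
    "CVE-2023-32435": {16: "16.4", 15: "15.7.7"},
    "CVE-2023-41990": {16: "16.3", 15: "15.7.8"},
}


def parse_version(text):
    """Turn '16.5.1' into (16, 5, 1); pad so that '16.6' compares as 16.6.0."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3 or any(p < 0 for p in parts):
        raise ValueError(f"unexpected iOS version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def unpatched_cves(ios_version):
    """List the CVEs from the article that ios_version does not yet fix.

    Returns None for branches older than iOS 15, where the article names
    no fixed release and the device cannot be cleared by version alone.
    """
    ver = parse_version(ios_version)
    major = ver[0]
    if major > 16:  # assumption: later major releases include all four fixes
        return []
    if major < 15:
        return None
    return sorted(cve for cve, fixes in FIXED_IN.items()
                  if ver < parse_version(fixes[major]))


def audit(inventory):
    """Map each device name to its unpatched CVE list (or None)."""
    return {name: unpatched_cves(ver) for name, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory, e.g. as exported from an MDM console.
    sample = {"phone-a": "16.2", "phone-b": "16.5.1",
              "phone-c": "15.7.7", "phone-d": "17.1", "phone-e": "14.8"}
    for device, missing in audit(sample).items():
        if missing is None:
            print(f"{device}: branch not covered by the article, check manually")
        else:
            print(f"{device}: {', '.join(missing) or 'all four fixed'}")
```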
Kaspersky first reported on OT in July 2023, when employees of the firm were targets of attacks. Kaspersky’s original report described how targets were attacked, while the CCC presentation provided details on what the attack does and the vulnerabilities it uses.
iPhone viruses and malware are rare, but no device is completely invulnerable. Apple urges users to update to the most recent version of iOS that a device can support in order to ensure that the latest security patches are installed.