1703985853
Published29. December 2023, 08:04
Apple: iMessage victim of “the most sophisticated attack chain”
Kaspersky experts have uncovered the “Operation Triangulation” cyberattack, which exploited a combination of four vulnerabilities that existed on iPhones until the release of iOS 16.2.
A malicious attachment allows the sophisticated attack to be launched on the old version of iOS.
AFP
A cyberattack on iPhones, presented by Kaspersky Lab researchers on Wednesday during the 37th edition of the Chaos Communication Congress in Hamburg, made it possible to infect these devices via the messaging platform iMessage. It was touted as “the most sophisticated attack channel” ever and was called “Operation Triangulation.” It was directed against employees of the famous Russian company. The method, discovered six months ago, exploits a combination of four so-called “zero-day” vulnerabilities that were present in iOS until version 16.2 of the mobile operating system was released. Mysterious hackers used it between 2019 and December 2022.
A zero-click attack chain
In practice, the zero-click attack sequence, which therefore requires no action from the victim, begins by sending a malicious attachment to iMessage. This is processed by the messaging service in the background without informing the user. The attack exploits an initial remote code execution vulnerability listed as CVE-2023-41990. It then exploits three additional vulnerabilities that allow hackers to remotely execute code, compromise the confidentiality of device data and bypass security policies, according to Kaspersky researchers. Attackers can also exploit a vulnerability in the Safari web browser to remove all traces of their infiltration.
“Security through darkness” criticized
To protect yourself, iPhone owners simply need to update their smartphone’s operating system to a newer version. But gray areas remain. “This is no ordinary vulnerability and many questions remain unanswered,” the researchers conclude. They question the long-term effectiveness of closed systems like Apple’s, which are based on “security through obscurity” – that is, on keeping how a system works secret in order to protect it. They emphasize that “sooner or later all secrets will be revealed.”
Don’t miss any more news
To stay up to date on your favorite topics and not miss any news, subscribe to our newsletter and receive the most important news of the day directly to your inbox every day.
(Man)
#iMessage #fallen #victim #sophisticated #chain #attacks