Apple Fixes Multiple 4-Year-Old Zero-DaysBugs Exploited to Install Spyware and Remotely Execute Code in Some Cases
Apple has fixed multiple zero-days that were actively being exploited since 2019 and infect several iOS devices with a spyware implant dubbed TriangleDB via zero-click iMessage exploits.
The patches released for the flaws tracked as CVE-2023-32434 and CVE-2023-32435 arose from integer overflow and memory corruption issues, respectively. Attackers could exploit the flaws and gain arbitrary code execution privileges, the smartphone giant said in its Wednesday security update.
The latest patch addressed flaws in iOS, iPadOS, macOS, watchOS and Safari browser. Kaspersky security researchers Georgy Kucherin, Leonid Bezvershenko and Boris Larin are credited with reporting the vulnerabilities to Apple.
Apple also addressed the anonymously reported third zero-day tracked as CVE-2023-32439, which can result in arbitrary code execution when using maliciously crafted web content.
TriangleDB Zero-Click Spyware
Apple's attribution to Kaspersky came after the Russian cybersecurity firm earlier this month said it had discovered a campaign dubbed "Operation Triangulation," in which an APT group launched zero-click iMessage exploits on iOS-powered devices to drop spyware in its corporate network (see: Kaspersky Discloses Apple Zero-Click Malware).
In a blog post by Kaspersky on Wednesday, researchers disclosed technical details of the TriangleDB spyware.
The implant is written in Objective-C language and has a self-destruction code activated, which runs after 30 days of initial infection. But before self-destruction, the spyware helps run several processes including file creation, modification, deletion and exfiltration; manipulation of running processes; exfiltration of iOS keychain elements including certificates, digital identities and/or credentials of various services; transmission of the victims' geolocation data; and loading of additional payloads into the phone's memory and running them to maximize damages, the researchers said.
Russian domestic intelligence agency the Federal Security Service on June 1 said it had uncovered several thousand iPhones infected with the same malware and accused Apple of collaborating with the U.S. National Security Agency. Russia's CERT released an alert linking the FSB's statement to Kaspersky's report. An Apple spokesperson quashed these claims and said, "We have never worked with any government to insert a backdoor into any Apple product and never will."