The updates are available for the following platforms. The actively exploited flaw, described as a type confusion issue, has been addressed with improved checks.
In an attempt to complete the attack puzzle and gather its different moving parts, Kaspersky has released a utility called " triangle_check" that organizations can use to scan iOS device backups and hunt for any signs of compromise on their devices.Īlso patched by Apple is a third zero-day CVE-2023-32439, which has been reported anonymously and could result in arbitrary code execution when processing malicious web content. This includes "interacting with the device's file system (including file creation, modification, exfiltration, and removal), managing processes (listing and termination), extracting keychain items to gather victim credentials, and monitoring the victim's geolocation, among others." It also comes with diverse data collection and tracking capabilities. The sophisticated implant, called TriangleDB, operates solely in the memory, leaving no traces of the activity following a device reboot. The exploit code is also engineered to download additional components to obtain root privileges on the target device, after which the backdoor is deployed in memory and the initial iMessage is deleted to conceal the infection trail. The advisory comes as the Russian cybersecurity vendor dissected the spyware implant used in the zero-click attack campaign targeting iOS devices via iMessages carrying an attachment embedded with an exploit for the kernel remote code execution (RCE) vulnerability. The iPhone maker said it's aware that the two issues "may have been actively exploited against versions of iOS released before iOS 15.7," crediting Kaspersky researchers Georgy Kucherin, Leonid Bezvershenko, and Boris Larin for reporting them. CVE-2023-32435 - A memory corruption vulnerability in WebKit that could lead to arbitrary code execution when processing specially crafted web content.CVE-2023-32434 - An integer overflow vulnerability in the Kernel that could be exploited by a malicious app to execute arbitrary code with kernel privileges.The exact threat actor behind the activity is not known. This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation that has been active since 2019. Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild.
0 kommentar(er)
