Apple announced on Wednesday that it has successfully resolved two recently discovered security vulnerabilities in its iPhones and iPads. These flaws had been exploited to hack thousands of devices in Russia, further highlighting the seriousness of the campaign that Russian intelligence attributed to the United States.
The credit for uncovering these vulnerabilities goes to researchers from Kaspersky Lab, a Russian security software maker. They had previously disclosed that their senior employees were among the targets. Simultaneously, Russia’s Federal Security Service (FSB) accused the National Security Agency (NSA) of being responsible for the attacks. However, the FSB did not provide evidence or explain its reasoning, and the NSA has not responded to these allegations.
Kaspersky has shed more light on the attack, revealing that it worked by sending an iMessage with a malicious attachment. Merely receiving this message would infect the user’s phone and allow the attacker to execute chosen codes. Users could remove the infection by restarting their phones or by activating Apple’s Lockdown Mode, which provided additional protection against these attacks.
Upon further investigation, Kaspersky discovered that the malicious code installed after infection contained 24 commands. These commands included accessing passwords stored in Apple’s Keychain, tracking locations, and modifying or exporting files.
“One of our researchers, Georgy Kucherin, who is credited by Apple for discovering these vulnerabilities, described the iOS implant used in the attack as highly sophisticated, displaying numerous intriguing oddities,” said Kaspersky. The attack has been named Triangulation, and Kaspersky, along with other organizations, has released tools to help users check if their devices are infected.
Apple confirmed that the fixes would safeguard iPhones running iOS 15.7 or earlier, which became outdated in September. More recent versions of the operating system already had enhanced security measures in place, making them immune to these attacks. Apple stated that 90% of customers who purchased devices within the past four years have upgraded to iOS 16, the latest major release.
Kaspersky expressed gratitude to Apple for collaborating in the analysis and resolution of these vulnerabilities. In the past, Kaspersky has exposed some of the most sophisticated spying tools developed by the NSA, including those related to Stuxnet, which crippled Iranian uranium enrichment facilities.
However, Kaspersky faced backlash when U.S. officials alleged that its consumer antivirus program had been utilized to extract classified information from an intelligence employee’s personal computer. As a result, Kaspersky was banned from government machines, and its market share in the U.S. plummeted.
The technique used in the Triangulation attack bears similarities to the methods employed by NSO and other providers of high-end spyware. The U.S. government has blacklisted NSO due to its association with oppressive governments that engage in surveillance against innocent citizens.
Overall, Apple’s prompt resolution of these security flaws demonstrates its commitment to protecting the privacy and security of its users.
Denial of responsibility! VigourTimes is an automatic aggregator of Global media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials to their authors. For any complaint, please reach us at – [email protected]. We will take necessary action within 24 hours.
