Apple has released a patch to stop a mysterious piece of spyware that’s been infecting iPhones in Russia and at the antivirus provider Kaspersky.
On Wednesday, Cupertino issued the patches for iOS, macOS, iPadOS and watchOS, three weeks after Kaspersky disclosed it had discovered the so-called “Triangulation” spyware on several dozen iPhones belonging to company employees.
The spyware is raising alarms because it can infect an iPhone through malicious messages sent over iMessage. No user interaction is required.
Apple’s patch notes also suggest the spyware is particularly powerful. Cupertino says that, through a previously unknown flaw in the company’s software, “an app may be able to execute arbitrary code with kernel privileges,” allowing it to tamper with the core part of the operating system.
The spyware also took advantage of a second previously unknown flaw in the older iOS 15, this one involving WebKit, the browser engine for Safari. In response, Apple has issued patches for iPhone models going back to the 6s.
On the same day, Kaspersky also released more details about its investigation into the Triangulation spyware, which differs significantly from other spyware tied to commercial surveillance companies, such as Israel’s NSO Group.
Kaspersky’s report also confirmed that Triangulation can exploit the iOS kernel to gain root privileges. It then deploys a spyware implant that operates only within the device’s RAM, “meaning that all traces of the implant are lost when the device gets rebooted.”
Hence, the operator of the spyware has to infect the phone again to maintain a presence on the