Table of Contents
This Post Is Recently Updated on Oct 28, 2023 @ 23:43 pm by TBB Desk
1. Kaspersky’s Warning on iOS Vulnerability
Kaspersky, a renowned cybersecurity firm, recently revealed at the Security Analyst Summit (SAS) in Phuket that Apple iOS devices are under threat from “Operation Triangulation.” This cyber threat, as identified by Kaspersky’s Global Research and Analysis Team (GReAT), can access the device’s physical memory without user involvement and gain full control over the targeted device.
2. Operation Triangulation’s Exploit Method
The research report indicates that this cyber threat employs an intricate technique, distributing zero-click exploits via iMessage. This method enables hackers to seize full control over both the device and its stored user data. Fortunately, Kaspersky has reported that the detected vulnerabilities associated with this threat have been rectified.
3. The Five Identified Vulnerabilities
Kaspersky’s specialists have disclosed in-depth details about the attack process, revealing that it capitalizes on five specific vulnerabilities. Out of these, four were previously unrecognized. The report elaborates on the vulnerabilities, starting with an entry point identified in a font processing library. The subsequent vulnerability was found in the memory mapping code, granting direct access to the device’s physical memory. Two more vulnerabilities were then used to circumvent the security features of the Apple processor’s hardware. Further research showed that attackers also had the ability to execute remote attacks on Apple devices via the Safari browser, leading to the identification and subsequent patching of a fifth vulnerability.
4. Protective Measures for Users
Boris Larin, a Principal Security Researcher at Kaspersky’s GReAT, emphasized that despite the enhanced security features of modern Apple devices, they are not impervious to cyber threats. The discovery of “Operation Triangulation” serves as a pertinent reminder for users to be wary of iMessage attachments from unknown sources. To bolster device security, Kaspersky researchers advocate for consistent updates of operating systems, apps, and antivirus software. They also underscore the importance of verifying the authenticity of senders, refraining from engaging with dubious links, and being vigilant when confronted with unsolicited requests for sensitive data.
