This cyberattack, which has been detected by Kaspersky employees, has been in use for at least four years.
Apple is not one to talk without reason, and its latest advertisements place special emphasis on the privacy and security of its quintessential phones: the iPhone. The traditional secrecy that has always identified the Cupertino company is one of the reasons why their phones are quite securealthough it does not completely exempt it from occasionally detecting vulnerabilities.
Now, as we read in Xataka, there is a new case of hacking and it is not at all negligible. Is about one of the most curious and striking cyberattacksin recent years, and yes, the victims have been users of the Apple iPhone. Let’s see how they managed to hack it and what this vulnerability consists of.
Triangulation, the vulnerability that has been affecting the iPhone for several years
It has been a group of experts belonging to Kaspersky who have become aware of this vulnerability. Reported in Ars Technica, it is an attack that already gave people something to talk about a few months ago, in June of this same year. Now, it is known that it has infected employees’ devices with a particularly particular method.
What does it consist of? Well, the protagonists of this story attacked the iPhone, managing to access the system thanks to a hardware characteristic that was unknown. Something that leaves no doubt about the resources and technical knowledge that these cybercriminals had at their disposal.
In reality, more than a simple exploit (a term used to refer to a computer vulnerability) is a “megaexploit”, because “Triangulation” – this is the name given to the mechanism – uses a chain of exploits sent via text in the messaging app from the company, iMessage.
How is it possible that they managed to breach the security of the iPhone? Precisely because they took advantage of four critical zero-day vulnerabilities: CVE-2023-32434, CVE-2023-32435, CVE-2023-38606 and CVE-2023-41990. These affect not only the Apple phone, but also devices such as the Apple TV, the iPod and some Macs.
It’s curious, because some of these vulnerabilities come from Apple’s TrueType font, the Safari browser, and the operating system kernel itself. In short, with the chain of exploits they achieved administrator accessthus allowing the installation of spyware.
In turn, the spyware made victims’ iPhones transfer voice recordings, location data, images and sensitive information of users, who went directly to the criminals’ servers. For its part, Kaspersky prepared a report with conclusions about this case: although Apple has already patched the vulnerabilities, it is difficult to know if a device is really infected.
The “Triangulation” hack has affected diplomatic missions and embassies, and has been classified as one of the most sophisticated, according to Boris Larin, Kaspersky researcher. “This is definitely the most sophisticated attack chain we’ve seen,” commented on social networks.
The post Historic cyberattack on the iPhone: the “Triangulation” vulnerability has been compromising Apple phones for years appeared first on EntornoInteligente – Breaking News from around the world.