If you’re an Apple user, your data may be vulnerable to one of the most sophisticated attacks of 2023. A recent discovery by Russian cybersecurity company, Kaspersky, has brought to light an advanced spyware attack that was able to target Apple iOS devices. According to Hacker News, the attack, which was dubbed Operation Triangulation, used four never-before-seen zero-day vulnerabilities to bypass hardware-based security protections and gather sensitive information from devices running iOS versions up to iOS 16.2.
The attack begins with an iMessage carrying a malicious attachment that automatically processes and deploys a spyware module without user interaction. This means that the user wouldn’t even need to open the attachment for the attack to be successful. The severity of the attack is evident in the fact that it was able to bypass Apple’s strong security protocols, which is a major cause for concern.
Apple did release patches for some of the vulnerabilities in January 2023, but others were addressed in iOS 15.7.7, iOS 15.8, iOS 16.3, iOS 16.5.1, and iOS 16.6.1. One of the vulnerabilities, CVE-2023-38606, was used to bypass hardware-based security protections. The exploit allows the threat actor to gain complete control of the compromised system.
The discovery of Operation Triangulation is a wake-up call for Apple and its users. It shows that even the strongest security measures can be breached, and users need to stay vigilant and keep their devices updated with the latest security patches. With the increasing number of cyber threats, it’s imperative to take security seriously and take all necessary steps to protect ourselves and our devices.