Apple patches actively exploited vulnerabilities.
By Rachel Gelfand, CyberWire staff writer.
Jun 22, 2023

Apple has patched two security vulnerabilities thought to be responsible for hacks of Russian devices.

Apple patches actively exploited vulnerabilities.

Apple has patched two security flaws that were used in hacks against thousands of Russian devices, the Washington Post reports. Russia’s Federal Security Service (FSB), has attributed this campaign to the US NSA, but there's no evidence of NSA’s involvement apart from the FSB's accusation. The FSB itself has refrained from explaining how they reached their conclusion.

The method of the attack on iOS devices.

Details of the incident have been provided by Russian security firm Kaspersky. The company reports that the attack, which they’ve named “Operation Triangulation,” works by sending a malicious attachment within an iMessage. The malicious TriangleDB implant does not require the victim to open the message; its existence on the device is enough to unleash the malicious code. Twenty-four commands were included within the code once installed, which included the creation and exfiltration of files, interaction with system processes, access to the Keychain (which allows for easy credential harvesting), and location tracking. The attacks were seen on devices running iOS 15.7 or earlier, which fell out of date this past September.

The FSB points fingers at NSA, while Apple asserts there was no government involvement at all.

Kaspersky did not explicitly offer attribution. The FSB, however, has asserted that the hack is a reconnaissance operation by the United States government against the nation, the Hacker News reports.

An Apple spokesperson told Cyberscoop that the company has “never worked with any government to insert a backdoor into any Apple product and never will.” In its security update, Apple says that the hack allowed for the execution of “arbitrary code with kernel privileges.” Sophos writes that the vulnerabilities, CVE-2023-32439 and CVE-2023-32434, have been patched in Apple’s latest update on all devices (with the possible exception of tvOS, which Sophos says may just have yet to receive an update). It is strongly advised that those with Apple devices update as soon as possible.

Industry insight.

Ray Kelly, Fellow at Synopsys Software Integrity Group, commends Apple for its quick response and patch, as he says is par for the course with Apple:

“Apple has a great track record when it comes to addressing critical vulnerabilities in its software quickly to help its users stay protected. This is critically important since Apple users do not have a way to protect themselves from malicious websites that may be actively exploiting in the wild, like this specific WebKit vulnerability.

"Security-focused updates like this really stress the importance of enabling automatic iOS updates to ensure you have the latest software that keeps your device safe. However, since some users choose to disable these automatic updates, malicious actors will always have a vast amount of vulnerable targets.”