Hot Take Apple issues emergency patch to address alleged spyware vulnerability

MuzzMelbourne

Apple issued a security update on Wednesday for all its operating systems to patch dangerous vulnerabilities that could allow attackers to take over someone’s entire device.

The vulnerabilities in question, first revealed on June 1, appeared to have led the main Russian intelligence agency to make unusually public claims that Apple intentionally left the flaws in its iOS so the National Security Agency and other U.S. entities could compromise “thousands” of iPhones in Russia. Apple has denied those claims.

The charges from the Federal Security Service, or FSB, came the same day that researchers with cybersecurity firm Kaspersky published a report detailing what they said was an “ongoing” zero-click iMessage exploit campaign dubbed “Operation Triangulation” targeting iOS that allowed attackers to run code on phones with root privileges, among other capabilities. Kaspersky published an additional analysis Wednesday, saying that after roughly six months of collecting and analyzing the data, “we have finished analyzing the spyware implant and are ready to share the details.”
 

Stenographers

This is one of my issues with mobile OSes. If you could feed your logs from your mobile OS into a SIEM, you could potentially catch things like this faster. The locked-down nature of mobile OSes makes it harder for attackers, yes, but also defenders. iOS has slowly been creeping up to the levels of UX bloat that plagues desktops (you can only do a floating window manager so many ways), but still basic security functions like configuring a firewall are not a thing.
 

Trident

> This is one of my issues with mobile OSes. If you could feed your logs from your mobile OS into a SIEM, you could potentially catch things like this faster. The locked-down nature of mobile OSes makes it harder for attackers, yes, but also defenders. iOS has slowly been creeping up to the levels of UX bloat that plagues desktops (you can only do a floating window manager so many ways), but still basic security functions like configuring a firewall are not a thing.

In this case, with 3 (if I remember correctly) 0-day vulnerabilities, the firewall wouldn’t help you, as it includes gaining access to ring 0. Once you gain that access you can bypass a whole stack of defences and there will be no beeping and peeping from the firewall whatsoever. The malware was also operating completely fileless, meaning it was hiding behind trusted processes that a firewall would normally allow.

The question here is: until when will these vulnerabilities for iMessage and Safari (2 components that can very easily be exposed to unsanitary content) keep popping up? With so many developers working there, I am sure they can come up with some quality wrappers and other stuff to put this to an end.
 

Sandbox Breaker

> In this case, with 3 (if I remember correctly) 0-day vulnerabilities, the firewall wouldn’t help you, as it includes gaining access to ring 0. Once you gain that access you can bypass a whole stack of defences and there will be no beeping and peeping from the firewall whatsoever. The malware was also operating completely fileless, meaning it was hiding behind trusted processes that a firewall would normally allow.
>
> The question here is: until when will these vulnerabilities for iMessage and Safari (2 components that can very easily be exposed to unsanitary content) keep popping up? With so many developers working there, I am sure they can come up with some quality wrappers and other stuff to put this to an end.

iOS isn't secure by design.
 

Stenographers

> In this case, with 3 (if I remember correctly) 0-day vulnerabilities, the firewall wouldn’t help you, as it includes gaining access to ring 0. Once you gain that access you can bypass a whole stack of defences and there will be no beeping and peeping from the firewall whatsoever. The malware was also operating completely fileless, meaning it was hiding behind trusted processes that a firewall would normally allow.
>
> The question here is: until when will these vulnerabilities for iMessage and Safari (2 components that can very easily be exposed to unsanitary content) keep popping up? With so many developers working there, I am sure they can come up with some quality wrappers and other stuff to put this to an end.

That is a fair point that it won’t stop a 0-day, but I’m left trying to find indicators for iOS devices that never see the corporate Wi-Fi, and particular circumstances prevent us from putting our VPN on them. So no real way to collect network traffic to look for oddities. No way to check iMessage to see if one of those messages was sent. I could go on, but it feels like we’re flying blind.

iMessage and Safari have vulnerabilities more frequently than other software, as they’re very attractive targets. You can send anyone something that will display on the screen of that device, or in this case execute code without your permission. That is a very potent attack surface, so I expect to only see more stories like this. I will point out that the fact there is a way for someone to send an iMessage, something advertised for security, and compromise a device completely makes me scratch my head a little bit. If I could get rid of iMessage in the family and get us all on Signal I’d be happy.
 

Stenographers

> iOS isn't secure by design.

I would play devil’s advocate and say it is more secure than an average Windows install. It is just architected in a different, opinionated way. I’m not an Apple fanboy, I can’t stand macOS, but they do at least bother to present like they care about security. https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf

If you mean not safe by design as in being exploitable to 3-letter agencies, any popular OS is gonna be like that. If they’re in your threat model you need to be using Qubes OS.
 

silversurfer


Apple security updates

| Name and information link | Available for | Release date |
| --- | --- | --- |
| Safari 16.5.1 | macOS Big Sur and macOS Monterey | 21 Jun 2023 |
| iOS 16.5.1 and iPadOS 16.5.1 | iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later | 21 Jun 2023 |
| iOS 15.7.7 and iPadOS 15.7.7 | iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) | 21 Jun 2023 |
| macOS Ventura 13.4.1 | macOS Ventura | 21 Jun 2023 |
| macOS Monterey 12.6.7 | macOS Monterey | 21 Jun 2023 |
| macOS Big Sur 11.7.8 | macOS Big Sur | 21 Jun 2023 |
| watchOS 9.5.2 | Apple Watch Series 4 and later | 21 Jun 2023 |
| watchOS 8.8.1 | Apple Watch Series 3, Series 4, Series 5, Series 6, Series 7, and SE | 21 Jun 2023 |
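
Added example, not part of the original post and not Apple tooling: a patch-compliance check that compares a device inventory against the releases listed in the table above, which still works for devices that never touch the corporate network as long as an inventory export exists. The CSV layout, device names and status labels are assumptions made up for illustration.

```python
import csv
import io

# Patched releases per platform, taken from the table in the post above.
PATCHED = {
    "iOS": ["16.5.1", "15.7.7"],
    "iPadOS": ["16.5.1", "15.7.7"],
    "macOS": ["13.4.1", "12.6.7", "11.7.8"],
    "watchOS": ["9.5.2", "8.8.1"],
}

def parse(version):
    """'16.5' -> (16, 5, 0). Padding makes 16.5 sort below 16.5.1."""
    parts = [int(p) for p in version.split()[0].split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def status(platform, version):
    """Classify one device against the fix for its own major-version train."""
    fixes = [parse(f) for f in PATCHED.get(platform, [])]
    if not fixes:
        return "unknown-platform"
    have = parse(version)
    for fix in fixes:
        if fix[0] == have[0]:  # same train, e.g. iOS 15.x vs 15.7.7
            return "patched" if have >= fix else "needs-update"
    if have[0] > max(f[0] for f in fixes):
        return "newer-train"  # not covered by the table; verify separately
    return "no-fix-listed"  # older train with no update in the table

def audit(inventory_csv):
    """Return (device, status) for every device that is not 'patched'."""
    rows = csv.DictReader(io.StringIO(inventory_csv.strip()))
    results = [(r["device"], status(r["platform"], r["version"])) for r in rows]
    return [(dev, st) for dev, st in results if st != "patched"]

# Constructed sample inventory (hypothetical MDM export format).
SAMPLE = """
device,platform,version
ceo-iphone,iOS,16.5
field-ipad,iPadOS,15.7.7
lab-mac,macOS,12.6.6
old-iphone,iOS,14.8
watch-01,watchOS,9.5.2
"""

if __name__ == "__main__":
    for device, st in audit(SAMPLE):
        print(f"{device}: {st}")
```
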

 
