Hot Take Apple issues emergency patch to address alleged spyware vulnerability

MuzzMelbourne

MuzzMelbourne

Level 15
Thread author
Verified
Top Poster
Well-known
Mar 13, 2022
599
Apple issued a security update on Wednesday for all its operating systems to patch dangerous vulnerabilities that could allow attackers to take over someone’s entire device.

The vulnerabilities in question, first revealed on June 1, appeared to have led the main Russian intelligence agency to make unusually public claims that Apple intentionally left the flaws in its iOS so the National Security Agency and other U.S. entities could compromise “thousands” of iPhones in Russia. Apple has denied those claims.

The charges from the Federal Security Service, or FSB, came the same day that researchers with cybersecurity firm Kaspersky published a report detailing what they said was an “ongoing” zero-click iMessage exploit campaign dubbed “Operation Triangulation” targeting iOS that allowed attackers to run code on phones with root privileges, among other capabilities. Kaspersky published an additional analysis Wednesday, saying that after roughly six months of collecting and analyzing the data, “we have finished analyzing the spyware implant and are ready to share the details.”
Click to expand...
cyberscoop.com

Apple issues emergency patch to address alleged spyware vulnerability

The fix follows allegations from a Russian intelligence service that an intentional flaw in iPhones provided a gateway for American espionage.
cyberscoop.com cyberscoop.com
 
  • Like
  • Thanks
  • +Reputation
Reactions: Sorrento, JB007, vtqhtr413 and 5 others
Stenographers

Stenographers

Level 2
Nov 11, 2022
48
This is one of my issues with mobile os’. If you could feed your logs from your mobile os into a siem you could potentially catch things like this faster. The locked down nature of mobile os’ make it harder for attackers yes but also defenders. iOS has slowly been creeping up to the levels of UX bloat that plagues desktops (you can only do a floating window manager so many ways) but still basic security functions like configuring a firewall are not a thing.
 
  • Like
Reactions: Sorrento, JB007, vtqhtr413 and 3 others
Trident

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,742
Stenographers said:
This is one of my issues with mobile os’. If you could feed your logs from your mobile os into a siem you could potentially catch things like this faster. The locked down nature of mobile os’ make it harder for attackers yes but also defenders. iOS has slowly been creeping up to the levels of UX bloat that plagues desktops (you can only do a floating window manager so many ways) but still basic security functions like configuring a firewall are not a thing.
Click to expand...
In this case with 3 if I remember correctly, 0-day vulnerabilities, the firewall wouldn’t help you as it includes gaining access to ring 0. Once you gain that access you can bypass a whole stack of defences and there will be no beeping and peeping from the firewall whatsoever. The malware was also operating completely fileless meaning it was hiding behind trusted processes that a firewall would normally allow.

Question here is until when these vulnerabilities for iMessage and Safari (2 components that can very easily be exposed to unsanitary content) will keep popping up? With so many developers working there, I am sure they can come up with some quality wrappers and other stuff to put this to an end.
 
  • Like
Reactions: Sorrento, JB007 and vtqhtr413
Sandbox Breaker

Sandbox Breaker

Level 9
Verified
Well-known
Jan 6, 2022
436
Trident said:
In this case with 3 if I remember correctly, 0-day vulnerabilities, the firewall wouldn’t help you as it includes gaining access to ring 0. Once you gain that access you can bypass a whole stack of defences and there will be no beeping and peeping from the firewall whatsoever. The malware was also operating completely fileless meaning it was hiding behind trusted processes that a firewall would normally allow.

Question here is until when these vulnerabilities for iMessage and Safari (2 components that can very easily be exposed to unsanitary content) will keep popping up? With so many developers working there, I am sure they can come up with some quality wrappers and other stuff to put this to an end.
Click to expand...
iOS isn't secure by design.
 
  • Like
Reactions: Sorrento
Stenographers

Stenographers

Level 2
Nov 11, 2022
48
Trident said:
In this case with 3 if I remember correctly, 0-day vulnerabilities, the firewall wouldn’t help you as it includes gaining access to ring 0. Once you gain that access you can bypass a whole stack of defences and there will be no beeping and peeping from the firewall whatsoever. The malware was also operating completely fileless meaning it was hiding behind trusted processes that a firewall would normally allow.

Question here is until when these vulnerabilities for iMessage and Safari (2 components that can very easily be exposed to unsanitary content) will keep popping up? With so many developers working there, I am sure they can come up with some quality wrappers and other stuff to put this to an end.
Click to expand...
That is a fair point that it won’t stop a 0 day, but I’m left trying to find indicators for iOS devices that never see the corporate Wi-Fi and particular circumstances prevent us from putting our VPN on them. So no real way to collect network traffic to look for oddities. No way to check iMessage to see if one of those messages was sent. I could go on but it feels like we’re flying blind.

iMessage and Safari have vulnerabilities more frequently than other software, as they’re very attractive targets. you can send anyone something that will display on the screen of that device, or in this case execute code without your permission. That is a very potent attack surface so I expect to only see more stories like this. I will point out that the fact there is a way for someone to send an iMessage, something advertised for security, and compromise a device completely makes me scratch my head a little bit. If I could get rid of iMessage in the family and get us all on signal I’d be happy.
 
  • Like
Reactions: Sorrento, JB007, vtqhtr413 and 1 other person
Stenographers

Stenographers

Level 2
Nov 11, 2022
48
fakewatchman said:
iOS isn't secure by design.
Click to expand...
I would play devils advocate and say it is more secure than an average Windows install. It is just architected in a different, opinionated way. I’m not an Apple fanboy, I cant stand MacOS, but they do at least bother to present like they care about security. https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf

If you mean not safe by design as in being exploitable to 3 letter agencies any popular OS is gonna be like that. If they’re in your threat model you need to be using Qubes OS.
 
  • Like
Reactions: Sorrento, Sandbox Breaker, JB007 and 2 others
silversurfer

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,197

Apple security updates​

Name and information linkAvailable forRelease date
Safari 16.5.1macOS Big Sur and macOS Monterey21 Jun 2023
iOS 16.5.1 and iPadOS 16.5.1iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later21 Jun 2023
iOS 15.7.7 and iPadOS 15.7.7iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)21 Jun 2023
macOS Ventura 13.4.1macOS Ventura21 Jun 2023
macOS Monterey 12.6.7macOS Monterey21 Jun 2023
macOS Big Sur 11.7.8macOS Big Sur21 Jun 2023
watchOS 9.5.2Apple Watch Series 4 and later21 Jun 2023
watchOS 8.8.1Apple Watch Series 3, Series 4, Series 5, Series 6, Series 7, and SE21 Jun 2023

Apple security releases

This document lists security updates and Rapid Security Responses for Apple software.
support.apple.com support.apple.com
 
  • Like
  • Thanks
  • Applause
Reactions: Sorrento, JB007, upnorth and 4 others

Similar threads

vtqhtr413
    • +Reputation
    • Like
Security News Apple fixes two new iOS zero-days exploited in attacks on iPhones
Replies
0
Views
1,064
Security News
vtqhtr413
vtqhtr413
silversurfer
    • +Reputation
    • Like
Security News Google Links Over 60 Zero-Days to Commercial Spyware Vendors
Replies
1
Views
1,847
Security News
vtqhtr413
vtqhtr413
Gandalf_The_Grey
    • Like
    • Applause
    • Thanks
Apple emergency updates fix 3 new zero-days exploited in attacks
Replies
0
Views
1,287
News Archive
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top