ALBAWABA - Recent revelations shed light on the extensive investigation into Operation Triangulation, an Advanced Persistent Threat (APT) campaign targeting iOS devices.
The campaign delivers zero-click exploits through iMessage, requiring no interaction from the victim, and ultimately gains full control over the targeted device and the user's data.
The investigation into Operation Triangulation, a threat built around user surveillance, has proven to be a complex and resource-intensive undertaking. Given the intricacy of the attack and the closed nature of the iOS ecosystem, a dedicated task force has spent a substantial amount of time and effort on in-depth technical analysis.
At the recent Security Analyst Summit, Kaspersky's experts unveiled previously undisclosed details of Operation Triangulation's attack chain, which exploits a total of five security vulnerabilities. Four of these were previously unknown zero-days and have since been patched by Apple following reports from the researchers.
Kaspersky's experts identified the initial entry point as a vulnerability in a font-processing library. The second stage exploited a vulnerability in the kernel's memory-mapping code that gave the attackers access to the device's physical memory. The attackers then used two further vulnerabilities to bypass the hardware-based security protections of Apple's latest processors.
The researchers also discovered that the attackers operated a platform capable of remotely infecting Apple devices through iMessage with no user interaction, and that they could also deliver attacks through the Safari web browser. This finding led to the identification and patching of the fifth vulnerability.
Apple has released security updates addressing the four zero-day vulnerabilities, CVE-2023-32434, CVE-2023-32435, CVE-2023-38606 and CVE-2023-41990, reported by the researchers. The vulnerabilities affected a broad range of Apple products, including iPhone, iPod touch, iPad, macOS devices, Apple TV and Apple Watch.