Tuesday, June 27, 2023

Triangulation Exploit

Howard Oakley:

Most of the flurry of updates is in response to recent reports from Kaspersky about malware, in what they refer to as Triangulation or TriangleDB. Its researchers have discovered evidence of infection of iOS devices going back as long as four years, in a series of attacks that have continued with iOS 15.7. In a series of research articles published this month, Kaspersky’s researchers have revealed how devices have received iMessages with an attachment containing an exploit. Without any user interaction, that attachment has run and exploited vulnerabilities in iOS to launch the malware payload, gain control over the device, and install persistent malware that’s remotely controlled.

Although there’s still much to be learned about this malware, it’s now believed to be targeting macOS as well as other platforms. Apple has thus patched the vulnerability in the kernel that is thought to be exploited by the initial iMessage and its attachment. A second vulnerability in macOS affects WebKit, and is also believed to be used in an active exploit, although probably not Triangulation.


Apple would have preferred to accomplish these urgent fixes without having to release full macOS updates, using its Rapid Security Response (RSR) mechanism, as was done with macOS 13.3.1 a couple of months ago. However, that couldn’t address the vulnerability in the kernel, which still requires a proper update.


1 Comment

If iMessage is turned off (SMS messages only), then does it protect the iPhone from this exploit and from known NSO Group’s exploits? If it is true, then anyone outside of the US probably should do this. (In the US there is de facto iMessage lock-in and it is harder to do this.)
