Apple Responds to Zero-Day Vulnerabilities with Rapid Patch Release
In an urgent response to active threats, Apple has issued a series of software updates aimed at patching various security vulnerabilities that were being exploited in the wild. The updates target a wide range of the tech giant’s products, including iOS, iPadOS, macOS, watchOS, and the Safari browser. The flaws in question include a pair of zero-days that have been employed in a mobile surveillance campaign named Operation Triangulation, active since 2019.
The company’s security advisory noted two primary vulnerabilities, both of which were believed to have been actively exploited. CVE-2023-32434 refers to an integer overflow vulnerability in the Kernel that could be exploited by a malicious app to execute arbitrary code with kernel privileges.
The other, CVE-2023-32435, is a memory corruption vulnerability in WebKit that could lead to arbitrary code execution when processing specially crafted web content. These vulnerabilities, among others, were identified and reported by Kaspersky researchers Georgy Kucherin, Leonid Bezvershenko, and Boris Larin.
Apple has also addressed a third zero-day, CVE-2023-32439, which was anonymously reported. Exploiting it could result in arbitrary code execution when processing malicious web content.
The Russian cybersecurity vendor highlighted the spyware implant used in the zero-click attack campaign that targeted iOS devices through iMessages carrying an attachment embedded with an exploit for a remote code execution (RCE) vulnerability. The exploit code was designed to download additional components to gain root privileges on the target device, after which a backdoor is deployed in memory and the initial iMessage is deleted to conceal the infection trail.
The sophisticated implant, referred to as TriangleDB, operates solely in memory, leaving no traces of its activity after a device reboot. It also comes with diverse data collection and tracking capabilities, including interacting with the device’s file system, managing processes, extracting keychain items to gather victim credentials, and monitoring the victim’s geolocation.
Apple’s security patches are available for a wide range of platforms:
- iOS 16.5.1 and iPadOS 16.5.1: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
- iOS 15.7.7 and iPadOS 15.7.7: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).
- macOS Ventura 13.4.1, macOS Monterey 12.6.7, and macOS Big Sur 11.7.8.
- watchOS 9.5.2: Apple Watch Series 4 and later.
- watchOS 8.8.1: Apple Watch Series 3, Series 4, Series 5, Series 6, Series 7, and SE.
- Safari 16.5.1: Macs running macOS Monterey.
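For teams checking a device fleet against the releases listed above, the following sketch is an added example, not code from Apple or from this article. The inventory, hostnames and status labels are constructed for illustration, and Safari is left out because it is versioned separately from the operating system.

```python
# Added example: flag devices below the patched releases listed above.
# Minimum fixed release per major-version branch, copied from the article's list.
PATCHED = {
    "iOS":     {16: (16, 5, 1), 15: (15, 7, 7)},
    "iPadOS":  {16: (16, 5, 1), 15: (15, 7, 7)},
    "macOS":   {13: (13, 4, 1), 12: (12, 6, 7), 11: (11, 7, 8)},
    "watchOS": {9: (9, 5, 2), 8: (8, 8, 1)},
}

def parse_version(text):
    """'16.5' -> (16, 5, 0). Tuples compare numerically, so 15.10 > 15.7.7."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def patch_status(platform, version):
    """Classify one device; the status strings are labels chosen for this example."""
    branches = PATCHED.get(platform)
    if branches is None:
        return "unknown-platform"
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable"
    if v[0] in branches:
        return "patched" if v >= branches[v[0]] else "needs-update"
    # Branch absent from the article's list: older ones have no fix listed,
    # newer ones are outside what the article covers.
    return "no-fix-listed" if v[0] < min(branches) else "not-covered"

def audit(inventory):
    """Return (host, status) for every device that is not confirmed patched."""
    findings = []
    for host, platform, version in inventory:
        status = patch_status(platform, version)
        if status != "patched":
            findings.append((host, status))
    return findings

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("exec-iphone-01", "iOS", "16.5"),
    ("kiosk-ipad-07", "iPadOS", "15.7.7"),
    ("dev-mbp-12", "macOS", "12.6.6"),
    ("lab-imac-03", "macOS", "10.15.7"),
    ("ops-watch-02", "watchOS", "9.5.2"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Devices reported as `no-fix-listed` or `not-covered` fall outside the releases this article names and need to be checked against Apple's own advisories.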
With this latest round of fixes, Apple has addressed a total of nine zero-day flaws in its products since the beginning of the year. Earlier, in February, the company plugged a WebKit flaw that could lead to remote code execution.