The National Telecommunication and Information Security Board (NTISB) has warned that threat actors are targeting iPhones with zero-click spyware, multiphase polymorphic and self-destructive malware.
The Board has issued an advisory “Threat Actors Spying on iPhones Through Zero-Click Spyware”, while saying that reportedly, threat actors are targeting iPhones with zero-click spyware, multiphase polymorphic and self-destructive malware. The campaign is considered a part of sophisticated and long-running mobile espionage and data exfiltration activity termed as Operation Triangulation.
The advisory noted that operation triangulation has recently been unearthed, however, it was running since 2019. Russia has accused the US and Apple for facilitating spying activities, though Apple has denied such allegations.
The advisory noted that technical details and modus operandi of operation triangulation are as: (a) during initial phase, victims are infected using zero-click exploits via the iMessage platform. Malware runs with root privilege, gaining complete control of the victim’s devices and data, (b) attack begins with iOS devices receiving a message via iMessage containing malicious attachment, (c) as it is a zero-day, the message triggers malware execution automatically without any user interaction and notice, (d) the malware downloads payloads from download server and further exfiltrates victim’s data to remote servers.
In the final phase, both the initial iMessage text and malicious attachment are deleted automatically to erase traces (crafted evasion). Most recent version, which has been successfully targeted is iOS 15.7.
The Board has recommended that (a) all iPhone users should update to latest versions (iOS 16.4.1 or above) (b) Keep iMessages off/blocked (c) Avoid storing official data/correspondence in mobile phone, (d) Certain Remote C&C servers domains/URLs should be blocked at firewall by administrators.
In another advisory “Critical Vulnerabilities in Apple Products”, the Board has stated that Apple has released security updates for critical vulnerabilities including one zero day (CVE-2023-38606; Kernel State Modification Vulnerability). CVE-2023-38606 is being exploited by threat actors in connection to Operation Triangulation to execute malicious code with kernel privileges and gain unauthorized access of victim devices. All Apple products (iPhone, iPad, iPod, macOS, tvOS and watchOS) are affected with above mentioned vulnerability and consequently patches/updated versions are available.
The Board has advised Apple users to update to following latest versions from official Apple store: a. iOS – Version 16.6 and 15.7.8 b. tvOS – Version 16.6 c. iPadOS – Version 16.6 and 15.7.8 d. watchOS – Version 9.6 e. iPodOS – Version 16.6 and 15.7.8 f. macOS Ventura – Version 13.5 g. macOS Monterey – Version 12.6.8 h. macOS Big Sur – Version 11.7.9.
Get the latest tech news, telecom insights, and product launches wherever you prefer.
Add ProPakistani to Preferred Sources and see more of our stories in Google Search and Top Stories.