URGENT: iPhone Units Compromised by Zero-Day Flaws and Spyware – Take Action Now!
A new report from security researchers at Kaspersky reveals a sophisticated spyware campaign that targeted thousands of iPhone units over the last four years. The attack, known as “Triangulation,” utilized a previously unknown hardware vulnerability to infect iPhones belonging to Kaspersky employees and individuals working in embassies and diplomatic missions in Russia.
The spyware was disseminated through iMessage texts, requiring no action from the victim to infect the device. Once infected, the attackers were able to access microphone recordings, photos, geolocation data, and other sensitive information from the compromised iPhones. Even rebooting the devices did not rid them of the infection, as the attackers would simply send a new text loaded with spyware to re-infect the device.
The exploit, which Kaspersky researcher Boris Larin described as both sophisticated and obscure, took advantage of four zero-day vulnerabilities. Apple has since patched these flaws, which are tracked as CVE-2023-32434, CVE-2023-32435, CVE-2023-38606, and CVE-2023-41990. The vulnerabilities affected not only iPhone models but also iPads, iPods, Macs, Apple TVs, and Apple Watches.
Larin emphasized the challenge of discovering and addressing such flaws in the closed ecosystem of iOS, highlighting the need for a comprehensive understanding of both hardware and software architectures. He also pointed out that even advanced hardware-based protections can be rendered ineffective in the face of a sophisticated attacker.
Speculation about the source of the attack has pointed to the U.S. National Security Agency (NSA) working with Apple, according to Russia’s Federal Security Service. However, Kaspersky stated that it has no evidence to support these claims.
The discovery of this spyware campaign underscores the importance of ongoing vigilance and proactive security measures to protect against sophisticated attacks. Apple’s patching of the vulnerabilities on its devices is a crucial step in mitigating such threats in the future.