In an update to previous reports, Kaspersky’s Global Research and Analysis Team (GReAT) has disclosed new insights into the notorious Operation Triangulation at the recent Security Analyst Summit.
The investigation delves into the complex cyber assault that targeted both the public and Kaspersky’s own employees, offering fresh details on the attack chain and its implications for iOS security.
The novel analysis revealed that the attack exploited five vulnerabilities, four of which were previously unknown zero-day flaws.
Kaspersky experts have pinpointed an initial point of entry, which was traced back to a vulnerability in a font processing library. The second point of vulnerability was a reportedly easily exploitable flaw in the memory mapping code, providing unauthorized access to the device’s physical memory.
Furthermore, the attackers leveraged two additional vulnerabilities to circumvent the latest hardware security measures of Apple processors.
In their investigation, Kaspersky also noted that, apart from the ability to infect Apple devices remotely through iMessage without any user interaction, the attackers had the means to carry out attacks via the Safari web browser. Consequently, this led to the identification of a fifth vulnerability.
“The hardware-based security features of devices with newer Apple chips significantly bolster their resilience against cyber-attacks. But they are not invulnerable,” explained Boris Larin, principal security researcher at Kaspersky’s GReAT.
“Operation Triangulation is a reminder to exercise caution when handling iMessage attachments from unfamiliar sources.”
Apple has officially released security updates to address these four zero-day vulnerabilities (CVE-2023-32434, CVE-2023-32435, CVE-2023-38606, CVE-2023-41990), which affect a wide range of Apple products, including iPhones, iPods, iPads, macOS devices, Apple TV and Apple Watch.
“Drawing insights from the strategies employed in Operation Triangulation offers valuable guidance. Additionally, finding a balance between system closedness and accessibility may contribute to an enhanced security posture,” Larin concluded.
Kaspersky’s experts recommended a multi-layered security approach to defend against similar threats. They urged users to regularly update their systems, exercise caution with unsolicited messages and provide their security teams with access to threat intelligence. The company intends to provide more technical details about Operation Triangulation in the near future.