Kaspersky Reveals More In-depth Information about Triangulation Operations
JAKARTA - Earlier this summer, Kaspersky discovered an Advanced Persistent Threat (APT) campaign targeting iOS devices, called 'Operation Triangulation'.
Kaspersky's Global Research and Analysis Team (GReAT) said the campaign used sophisticated methods to distribute zero-click exploits via iMessage, ultimately taking full control of its users' devices and data.
Kaspersky GReAT assesses that its primary purpose may involve covert user monitoring. Due to the complexity of the attack and the closed nature of the iOS ecosystem, Kaspersky conducted a more in-depth analysis of this campaign.
At the Security Analyst Summit, company experts identified an initial entry point through a font processing library vulnerability. The second, very powerful and easily exploitable vulnerability in the memory mapping code allows access to the device's physical memory.
Additionally, attackers exploited two more vulnerabilities to bypass Apple's latest processor hardware security features.
The research also found that, in addition to the ability to remotely infect Apple devices via iMessage without user interaction, attackers have a platform to carry out attacks via the Safari web browser. This led to the discovery and fixing of the fifth vulnerability.
SEE ALSO:
The Apple team has officially released security updates, addressing four zero-day vulnerabilities discovered by Kaspersky researchers. This vulnerability impacts a broad spectrum of Apple products, including iPhone, iPod, iPad, macOS devices, Apple TV, and Apple Watch.
Simultaneously with the publication of the report and the development of a special triangle_check utility, GReAT experts also created email addresses so that interested parties could contribute to the investigation.
As a result, company researchers received confirmation of cases where individuals were victims of Operation Triangulation and they provided guidance to victims to improve security.