Security News > 2023 > June > Apple fixes zero-days used to deploy Triangulation spyware via iMessage
Apple addressed three new zero-day vulnerabilities exploited in attacks installing Triangulation spyware on iPhones via iMessage zero-click exploits.
The attacks started in 2019 and are still ongoing, according to Kaspersky, who reported in early June that some iPhones on its network were infected with previously unknown spyware via iMessage zero-click exploits that exploited iOS zero-day bugs.
Russia's FSB intelligence and security agency also claimed after Kaspersky's report was published that Apple provided the NSA with a backdoor to help infect iPhones in Russia with spyware.
"We have never worked with any government to insert a backdoor into any Apple product and never will," an Apple spokesperson told BleepingComputer.
Last month, the company fixed three more zero-days, the first reported by Google Threat Analysis Group and Amnesty International Security Lab researchers and likely used to install commercial spyware.
In April, Apple fixed two other zero-days that were deployed as part of exploit chains of Android, iOS, and Chrome zero-day and n-day flaws, and abused to deploy mercenary spyware on devices belonging to high-risk targets worldwide.
News URL
Related news
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)