Security News > 2023 > June > Apple fixes zero-days used to deploy Triangulation spyware via iMessage

Apple fixes zero-days used to deploy Triangulation spyware via iMessage
2023-06-21 18:31

Apple addressed three new zero-day vulnerabilities exploited in attacks installing Triangulation spyware on iPhones via iMessage zero-click exploits.

The attacks started in 2019 and are still ongoing, according to Kaspersky, who reported in early June that some iPhones on its network were infected with previously unknown spyware via iMessage zero-click exploits that exploited iOS zero-day bugs.

Russia's FSB intelligence and security agency also claimed after Kaspersky's report was published that Apple provided the NSA with a backdoor to help infect iPhones in Russia with spyware.

"We have never worked with any government to insert a backdoor into any Apple product and never will," an Apple spokesperson told BleepingComputer.

Last month, the company fixed three more zero-days, the first reported by Google Threat Analysis Group and Amnesty International Security Lab researchers and likely used to install commercial spyware.

In April, Apple fixed two other zero-days that were deployed as part of exploit chains of Android, iOS, and Chrome zero-day and n-day flaws, and abused to deploy mercenary spyware on devices belonging to high-risk targets worldwide.


News URL

https://www.bleepingcomputer.com/news/apple/apple-fixes-zero-days-used-to-deploy-triangulation-spyware-via-imessage/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349