Security News > 2023 > June > Apple fixes zero-days used to deploy Triangulation spyware via iMessage

Apple addressed three new zero-day vulnerabilities exploited in attacks installing Triangulation spyware on iPhones via iMessage zero-click exploits.
The attacks started in 2019 and are still ongoing, according to Kaspersky, who reported in early June that some iPhones on its network were infected with previously unknown spyware via iMessage zero-click exploits that exploited iOS zero-day bugs.
Russia's FSB intelligence and security agency also claimed after Kaspersky's report was published that Apple provided the NSA with a backdoor to help infect iPhones in Russia with spyware.
"We have never worked with any government to insert a backdoor into any Apple product and never will," an Apple spokesperson told BleepingComputer.
Last month, the company fixed three more zero-days, the first reported by Google Threat Analysis Group and Amnesty International Security Lab researchers and likely used to install commercial spyware.
In April, Apple fixed two other zero-days that were deployed as part of exploit chains of Android, iOS, and Chrome zero-day and n-day flaws, and abused to deploy mercenary spyware on devices belonging to high-risk targets worldwide.
News URL
Related news
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Apple backports zero-day patches to older iPhones and Macs (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
- ⚡ Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More (source)
- Google: 97 zero-days exploited in 2024, over 50% in spyware attacks (source)