Security News > 2023 > June > Apple fixes zero-days used to deploy Triangulation spyware via iMessage
Apple addressed three new zero-day vulnerabilities exploited in attacks installing Triangulation spyware on iPhones via iMessage zero-click exploits.
The attacks started in 2019 and are still ongoing, according to Kaspersky, who reported in early June that some iPhones on its network were infected with previously unknown spyware via iMessage zero-click exploits that exploited iOS zero-day bugs.
Russia's FSB intelligence and security agency also claimed after Kaspersky's report was published that Apple provided the NSA with a backdoor to help infect iPhones in Russia with spyware.
"We have never worked with any government to insert a backdoor into any Apple product and never will," an Apple spokesperson told BleepingComputer.
Last month, the company fixed three more zero-days, the first reported by Google Threat Analysis Group and Amnesty International Security Lab researchers and likely used to install commercial spyware.
In April, Apple fixed two other zero-days that were deployed as part of exploit chains of Android, iOS, and Chrome zero-day and n-day flaws, and abused to deploy mercenary spyware on devices belonging to high-risk targets worldwide.
News URL
Related news
- Google: Spyware vendors behind 50% of zero-days exploited in 2023 (source)
- Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks (source)
- Apple: Mercenary spyware attacks target iPhone users in 92 countries (source)
- Apple stops warning of 'state-sponsored' attacks, now alerts about 'mercenary spyware' (source)
- Apple Alerts iPhone Users in 92 Countries to Mercenary Spyware Attacks (source)
- Apple backports fix for RTKit iOS zero-day to older iPhones (source)
- Apple backports fix for zero-day exploited in attacks to older iPhones (source)
- Apple backports iOS zero-day patch, adds Bluetooth tracker alert (source)
- Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own (source)