Security News > 2023 > June > Apple squashes kernel bug used by TriangleDB spyware

Apple squashes kernel bug used by TriangleDB spyware
2023-06-21 20:26

Whoever is infecting people's iPhones with the TriangleDB spyware may be targeting macOS computers with similar malware, according to Kaspersky researchers.

In the security shop's ongoing analysis of the smartphone snooping campaign - during which attackers exploit a kernel vulnerability to obtain root privileges and install TriangleDB on victims' handsets - Kaspersky analysts uncovered 24 commands provided by the malware that can be used for a range of illicit activities; everything from stealing data, to tracking the victim's geolocation, and terminating processes.

TriangleDB is the mystery spyware that Kaspersky found running on its own management's devices.

Apple pushed software updates to fix the kernel vulnerability uncovered by the Kaspersky researchers during their TriangleDB analysis.

At the time, a Kaspersky spokesperson told The Register it was aware of the FSB's claims, but couldn't say if the two things - America allegedly backdooring iPhones, and the spyware found on several Kaspersky devices - were linked.

The implant sends heartbeat pings to the C2 server with system information, and the server responds to these messages with commands, all of which have names starting with CRX. Kaspersky's researchers analyzed two dozen of these commands, and said they can be used to make the spyware interact with processes and the filesystem to create and remove files.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/06/21/apple_patches_triangledb_spyware/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 68 212 1433 2208 257 4110
Kernel 3 0 8 4 1 13