Security News > 2023 > June > Apple fixes zero-day vulnerabilities used to covertly deliver spyware (CVE-2023-32435)

Apple has released patches for three zero-day vulnerabilities exploited in the wild.

Referencing Kaspersky's findings, Apple says that those last two vulnerabilities "May have been actively exploited against versions of iOS released before iOS 15.7.".

At the beginning of June, Kaspersky security researchers revealed that some of their corporate iOS devices have been saddled with previously unknown spyware.

"The oldest traces of infection that we discovered happened in 2019. As of the time of writing in June 2023, the attack is ongoing, and the most recent version of the devices successfully targeted is iOS 15.7," they added.

"The implant [] is deployed after the attackers obtain root privileges on the target iOS device by exploiting a kernel vulnerability. It is deployed in memory, meaning that all traces of the implant are lost when the device gets rebooted. Therefore, if the victim reboots their device, the attackers have to reinfect it by sending an iMessage with a malicious attachment, thus launching the whole exploitation chain again. In case no reboot occurs, the implant uninstalls itself after 30 days, unless this period is extended by the attackers."

The implant is capable of manipulating and exfiltrating files, terminating processes, retrieve keychain entries of the infected device, pinpointing the device's location, and running additional modules.

News URL

https://www.helpnetsecurity.com/2023/06/22/spyware-cve-2023-32435/