Security News > 2023 > October > Apple drops urgent patch against obtuse TriangleDB iPhone malware
Apple pushed several security fixes on Wednesday, including one for all iPhone and iPads used before September last year that has already been exploited by cyber snoops.
This is the second patch that Apple has issued to fix the vulnerability.
In July, the company released an update addressing the same issue for nearly every iPhone and iPad model as well as Apple Watches series 3 and later, and computers running macOS Ventura, Monterey, and Big Sur.
Kaspersky researchers Georgy Kucherin, Leonid Bezvershenko, Boris Larin, and Valentin Pashkov discovered the bug and reported it to Apple.
The other three bugs discovered by Kaspersky researchers are: CVE-2023-32435, CVE-2023-38606, and CVE-2023-41990, and they were used by still-unknown cyber spies to compromise essentially all manner of Apple products.
"Following publication of the first report about the Operation Triangulation, we set up a mailbox for victims of similar attacks to be able to write to, and received emails from other users of Apple smartphones, claiming that they also found signs of infection on their devices," Kaspersky's global research and analysis team told The Register.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/10/26/apple_triangledb_exploit/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-12 | CVE-2023-41990 | Unspecified vulnerability in Apple products The issue was addressed with improved handling of caches. | 7.8 |
| 2023-07-27 | CVE-2023-38606 | Unspecified vulnerability in Apple products This issue was addressed with improved state management. | 5.5 |
| 2023-06-23 | CVE-2023-32435 | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved state management. | 8.8 |