Zero-click iOS malware attack via iMessage infects iPhones running iOS 15.7 and earlier – Kaspersky appeared first on MacDailyNews. Zero-click iOS malware attack via iMessage infects iPhones running iOS 15.7 and earlier – Kaspersky appeared first on MacDailyNews. Zero-click iOS malware attack via iMessage infects iPhones running iOS 15.7 and earlier – Kaspersky appeared first on MacDailyNews. Zero-click iOS malware attack via iMessage infects iPhones running iOS 15.7 and earlier – Kaspersky appeared first on MacDailyNews.
Antivirus provider Kaspersky has discovered a malware campaign targeting iPhones running up to iOS 15.7 via iMessage. Importantly, this zero-click/tap malware can be found and blocked. Kaspersky: ince it is

Antivirus provider Kaspersky has discovered a malware campaign targeting iPhones running up to iOS 15.7 via iMessage. Importantly, this zero-click/tap malware can be found and blocked.

bits

Kaspersky:

ince it is impossible to inspect modern iOS devices from the inside, we created offline backups of the devices in question, inspected them using the Mobile Verification Toolkit’s mvt-ios and discovered traces of compromise.

We are calling this campaign “Operation Triangulation”, and all the related information we have on it will be collected on the Operation Triangulation page.

This allowed [us] to move the research forward, and to reconstruct the general infection sequence:

• The target iOS device receives a message via the iMessage service, with an attachment containing an exploit.
• Without any user interaction, the message triggers a vulnerability that leads to code execution.
• The code within the exploit downloads several subsequent stages from the C&C server, that include additional exploits for privilege escalation.
• After successful exploitation, a final payload is downloaded from the C&C server, that is a fully-featured APT platform.
• The initial message and the exploit in the attachment is deleted

The malicious toolset does not support persistence, most likely due to the limitations of the OS. The timelines of multiple devices indicate that they may be reinfected after rebooting. The oldest traces of infection that we discovered happened in 2019. As of the time of writing in June 2023, the attack is ongoing, and the most recent version of the devices successfully targeted is iOS 15.7.

The analysis of the final payload is not finished yet. The code is run with root privileges, implements a set of commands for collecting system and user information, and can run arbitrary code downloaded as plugin modules from the C&C server.

It is important to note, that, although the malware includes portions of code dedicated specifically to clear the traces of compromise, it is possible to reliably identify if the device was compromised. Furthermore, if a new device was set up by migrating user data from an older device, the iTunes backup of that device will contain the traces of compromise that happened to both devices, with correct timestamps.

MacDailyNews Take: In the full blog post, Kaspersky has a somewhat technical way to identify and strip to malware from backups, but, if your device allows, update to iOS 16.5 (released May 18, 2023) ASAP.

Please help support MacDailyNews. Click or tap here to support our independent tech blog. Thank you!

Support MacDailyNews at no extra cost to you by using this link to shop at Amazon.

The post Zero-click iOS malware attack via iMessage infects iPhones running iOS 15.7 and earlier – Kaspersky appeared first on MacDailyNews.

original link


You may also be interested in this

There’s a new software up…

Apple has released a new software update for Apple Watch that all users should download and install today. The update is available for Apple Watch Series 4 and later, Apple

The best AirPods deals th…

Macworld Apple’s AirPods wireless headphones offer an iconic look, exceptional convenience, and strong audio quality. They come with a premium price tag, however, so it’s important to shop around for

Today in Apple history: S…

On May 11, 1998, Steve Jobs spelled out the future of the Mac operating system. The big news? OS X was scheduled to arrive the following year. (via Cult of

Apple’s online stor…

Backing up the expectation that new Macs will be announced at WWDC 2023, Apple has temporarily shut down its online store and posted a link to watch the keynote at

How to manage browser tab…

A recent study finds that web browser clutter causes stress for many people. But Apple offers tools to organize tabs and cut the clutter. (via Cult of Mac - Tech

Apple’s Liquid Glass was …

After staring at, scrolling through, and puzzling over Apple's new Liquid Glass design language on my iPhone for the better part of an afternoon, I don't hate it. But I

Apple restarts beta cycle…

Apple has restarted the beta program with macOS Ventura 13.5, which is now available to download for developer testing.Apple releases new macOS betaDevelopers who are part of the beta program

Apple wants to improve Me…

Apple research is focusing on how to further crack the surprisingly tricky business of turning the spoken word into emojis — and then adjusting that emoji to suit what a
X

A whimsical homage to the days in black and white, celebrating the magic of Mac OS. Dress up your blog with retro, chunky-grade pixellated graphics to evoke some serious computer nostalgia. Supports a custom menu, custom header image, custom background, two footer widget areas, and a full-width page template. I updated Stuart Brown's 2011 masterpiece to meet the needs of the times, made it responsive , got dark mode, custom search widget and more.You can download it from tigaman.com, where you can also find more useful code snippets and plugins to get even more out of wordpress.