Zero-click iOS malware attack via iMessage infects iPhones running iOS 15.7 and earlier – Kaspersky appeared first on MacDailyNews. Zero-click iOS malware attack via iMessage infects iPhones running iOS 15.7 and earlier – Kaspersky appeared first on MacDailyNews. Zero-click iOS malware attack via iMessage infects iPhones running iOS 15.7 and earlier – Kaspersky appeared first on MacDailyNews. Zero-click iOS malware attack via iMessage infects iPhones running iOS 15.7 and earlier – Kaspersky appeared first on MacDailyNews.
Antivirus provider Kaspersky has discovered a malware campaign targeting iPhones running up to iOS 15.7 via iMessage. Importantly, this zero-click/tap malware can be found and blocked. Kaspersky: ince it is

Antivirus provider Kaspersky has discovered a malware campaign targeting iPhones running up to iOS 15.7 via iMessage. Importantly, this zero-click/tap malware can be found and blocked.

bits

Kaspersky:

ince it is impossible to inspect modern iOS devices from the inside, we created offline backups of the devices in question, inspected them using the Mobile Verification Toolkit’s mvt-ios and discovered traces of compromise.

We are calling this campaign “Operation Triangulation”, and all the related information we have on it will be collected on the Operation Triangulation page.

This allowed [us] to move the research forward, and to reconstruct the general infection sequence:

• The target iOS device receives a message via the iMessage service, with an attachment containing an exploit.
• Without any user interaction, the message triggers a vulnerability that leads to code execution.
• The code within the exploit downloads several subsequent stages from the C&C server, that include additional exploits for privilege escalation.
• After successful exploitation, a final payload is downloaded from the C&C server, that is a fully-featured APT platform.
• The initial message and the exploit in the attachment is deleted

The malicious toolset does not support persistence, most likely due to the limitations of the OS. The timelines of multiple devices indicate that they may be reinfected after rebooting. The oldest traces of infection that we discovered happened in 2019. As of the time of writing in June 2023, the attack is ongoing, and the most recent version of the devices successfully targeted is iOS 15.7.

The analysis of the final payload is not finished yet. The code is run with root privileges, implements a set of commands for collecting system and user information, and can run arbitrary code downloaded as plugin modules from the C&C server.

It is important to note, that, although the malware includes portions of code dedicated specifically to clear the traces of compromise, it is possible to reliably identify if the device was compromised. Furthermore, if a new device was set up by migrating user data from an older device, the iTunes backup of that device will contain the traces of compromise that happened to both devices, with correct timestamps.

MacDailyNews Take: In the full blog post, Kaspersky has a somewhat technical way to identify and strip to malware from backups, but, if your device allows, update to iOS 16.5 (released May 18, 2023) ASAP.

Please help support MacDailyNews. Click or tap here to support our independent tech blog. Thank you!

Support MacDailyNews at no extra cost to you by using this link to shop at Amazon.

The post Zero-click iOS malware attack via iMessage infects iPhones running iOS 15.7 and earlier – Kaspersky appeared first on MacDailyNews.

original link


You may also be interested in this

Will Diablo 4 be Availabl…

The long-awaited Diablo 4 finally made its grand entrance on June 5, 2023, receiving reviews from fans and… The post Will Diablo 4 be Available for Mac? appeared first on

Jony Ive returns to hardw…

Working for free out of pure love, Jony Ive and his LoveFrom firm tweaked a classic turntable's design for its 50th anniversary. (via Cult of Mac - Tech and culture

Apple plans ‘controlled’ …

WWDC attendees and media can try it in a large new structure at Apple Park, and in future demos throughout the summer. (via Cult of Mac - Tech and culture

Hands-On With the M2 Ultr…

Apple at WWDC surprised us with the M2 Ultra chip, which is the key feature in the new second-generation Mac Studio. We thought we'd compare it to the first-generation ‌Mac

Color MagSafe chargers pr…

Apple offers color-coded MagSafe cables, to match its MacBook finishes, and also tested out color MagSafe chargers, likely to match iPhone colors. However, while the company got as far as

Belkin packs noise cancel…

Belkin SoundForm Pulse earbuds will cost $119.99 and feature ANC and multipoint Bluetooth connectivity. (via Cult of Mac - Tech and culture through an Apple lens)

Vice wag: Apple’s Vision …

“Apple’s Vision Pro Is a $3,500 Ticket to Nowhere, Janus Rose’s latest article for Vice is headlined, with the sub-headline, “A decade after Facebook bought Oculus, VR still has no

Apple adds ‘reality…

More trademark filings related to Apple's mixed-reality headset have surfaced, with realityproOS' joining a growing list of terms for the inbound VR-AR ecosystem.A render of a potential Apple headset [AppleInsider]Early
X

A whimsical homage to the days in black and white, celebrating the magic of Mac OS. Dress up your blog with retro, chunky-grade pixellated graphics to evoke some serious computer nostalgia. Supports a custom menu, custom header image, custom background, two footer widget areas, and a full-width page template. I updated Stuart Brown's 2011 masterpiece to meet the needs of the times, made it responsive , got dark mode, custom search widget and more.You can download it from tigaman.com, where you can also find more useful code snippets and plugins to get even more out of wordpress.