Zero-click iOS malware attack via iMessage infects iPhones running iOS 15.7 and earlier – Kaspersky appeared first on MacDailyNews. Zero-click iOS malware attack via iMessage infects iPhones running iOS 15.7 and earlier – Kaspersky appeared first on MacDailyNews. Zero-click iOS malware attack via iMessage infects iPhones running iOS 15.7 and earlier – Kaspersky appeared first on MacDailyNews. Zero-click iOS malware attack via iMessage infects iPhones running iOS 15.7 and earlier – Kaspersky appeared first on MacDailyNews.

Zero-click iOS malware attack via iMessa…

06.02.2023
Antivirus provider Kaspersky has discovered a malware campaign targeting iPhones running up to iOS 15.7 via iMessage. Importantly, this zero-click/tap malware can be found and blocked. Kaspersky: ince it is

Antivirus provider Kaspersky has discovered a malware campaign targeting iPhones running up to iOS 15.7 via iMessage. Importantly, this zero-click/tap malware can be found and blocked.

bits

Kaspersky:

ince it is impossible to inspect modern iOS devices from the inside, we created offline backups of the devices in question, inspected them using the Mobile Verification Toolkit’s mvt-ios and discovered traces of compromise.

We are calling this campaign “Operation Triangulation”, and all the related information we have on it will be collected on the Operation Triangulation page.

This allowed [us] to move the research forward, and to reconstruct the general infection sequence:

• The target iOS device receives a message via the iMessage service, with an attachment containing an exploit.
• Without any user interaction, the message triggers a vulnerability that leads to code execution.
• The code within the exploit downloads several subsequent stages from the C&C server, that include additional exploits for privilege escalation.
• After successful exploitation, a final payload is downloaded from the C&C server, that is a fully-featured APT platform.
• The initial message and the exploit in the attachment is deleted

The malicious toolset does not support persistence, most likely due to the limitations of the OS. The timelines of multiple devices indicate that they may be reinfected after rebooting. The oldest traces of infection that we discovered happened in 2019. As of the time of writing in June 2023, the attack is ongoing, and the most recent version of the devices successfully targeted is iOS 15.7.

The analysis of the final payload is not finished yet. The code is run with root privileges, implements a set of commands for collecting system and user information, and can run arbitrary code downloaded as plugin modules from the C&C server.

It is important to note, that, although the malware includes portions of code dedicated specifically to clear the traces of compromise, it is possible to reliably identify if the device was compromised. Furthermore, if a new device was set up by migrating user data from an older device, the iTunes backup of that device will contain the traces of compromise that happened to both devices, with correct timestamps.

MacDailyNews Take: In the full blog post, Kaspersky has a somewhat technical way to identify and strip to malware from backups, but, if your device allows, update to iOS 16.5 (released May 18, 2023) ASAP.

Please help support MacDailyNews. Click or tap here to support our independent tech blog. Thank you!

Support MacDailyNews at no extra cost to you by using this link to shop at Amazon.

The post Zero-click iOS malware attack via iMessage infects iPhones running iOS 15.7 and earlier – Kaspersky appeared first on MacDailyNews.

original link


You may also be interested in this

AirPods Pro getting a big…

06.05.2023
WWDC is a software-focused event, and Apple did not forget AirPods Pro with the company previewing Adaptive Audio and better switching arriving in the fall operating system updates.Adaptive Audio for

Today in Apple history: T…

10.09.2023
On October 9, 1991, Apple was ordered to pay out $26.5 million to The Beatles' record label and holding company Apple Corps. (via Cult of Mac - Tech and culture

Peak packs themes and wid…

07.07.2023
We can all use a little encouragement in our lives to stay active, and that’s what the new Peak app strives to do. The new app by indie developer Harshil

Apollo shutting down due …

06.08.2023
UGH. We’ve been tracking the negative effect that Reddit’s decision to begin charging for access to its API has had on third-party clients including Apollo. Now the developer of the

Apple Seeds iOS 18.1 and …

10.21.2024
Apple today provided developers and public beta testers with the release candidate versions of iOS 18.1 and iPadOS 18.1 to continue testing Apple Intelligence features. The release candidate software comes

The best phone to buy rig…

05.22.2023
Photo Illustration by William Joel / The Verge Bad news: flagship phones cost a small fortune these days. Good news: we can help you pick the right one and get

Get a full day of power f…

06.13.2023
The early bird sale on Bluetti's new midrange power generator, the AC180, starts Wednesday. Save up to 15% on this portable power station. (via Cult of Mac - Tech and

YouTube Music officially …

04.28.2023
Following the February announcement and March testing, podcasts are now officially rolling out to YouTube Music users in the US. more… The post YouTube Music officially launching podcasts in the

Popular Posts

Click it!

Search

ipinfo.io

user online188
your visit count
your ID
cityipinfo.io error
postalipinfo.io error
regionipinfo.io error
countryipinfo.io error
timezoneipinfo.io error
locipinfo.io error, ipinfo.io error
orgipinfo.io error
hostipinfo.io error
OSUnknown Operating System
IP216.73.216.31
languageipinfo.io error
browser ↓
Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)

support me with your mouse

findip.net

user online188
your visit count
your ID
cityColumbus
continentNA
countryUnited States
system16509
providerAmazon.com
Time ZoneAmerica/New_York
Weather CodeUSOH0212
Subdivision NameFranklin
loc39.9612,-82.9988
orgAmazon.com, Inc.
connectionCorporate
OSUnknown Operating System
IP216.73.216.31
connectionCorporate
browser ↓
Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)

Recent

X

A whimsical homage to the days in black and white, celebrating the magic of Mac OS. Dress up your blog with retro, chunky-grade pixellated graphics to evoke some serious computer nostalgia. Supports a custom menu, custom header image, custom background, two footer widget areas, and a full-width page template. I updated Stuart Brown's 2011 masterpiece to meet the needs of the times, made it responsive , got dark mode, custom search widget and more.You can download it from tigaman.com, where you can also find more useful code snippets and plugins to get even more out of wordpress.