Update your iPhone & iPad now! Patch released after malware found on Kaspersky Labs devices (June 2023)

Apple, the global technology giant, has announced a new patch has been released to resolve to two significant security flaws in its iPhone and iPad devices. These vulnerabilities were found to have been exploited as part of a broad hacking campaign, which at this time is believed to have been primarily targeting Russian users. The campaign was of such severity that the Russian intelligence services pointed fingers at the United States, however there has been no evidence surrounding the exploit that can provide any evidence to substantiate that claim.

The security breaches were brought to light by the Russian cyber security software maker, Kaspersky Lab, who had identified that their senior employees were among the victims of the targeted attacks. The attack was orchestrated through an iMessage containing a malicious attachment. Once received, even without being opened, the recipient’s device would be compromised, giving the attacker the ability to run code on the devices. Turning the device off and on would eliminate the infection and it has been found that Apple’s optional Lockdown Mode was also successful in blocking these attacks, however this is still as significant issue for Apple who have released updates to their devices to fix the security hole.

Upon investigating the hack, Kaspersky discovered the installation of a sophisticated iOS implant named “TriangleDB” after infection. This malicious code held 24 commands, allowing the hackers to extract passwords from Apple’s Keychain, monitor the geolocation of devices, and modify or export files. The implant was designed to function solely in memory, leaving no traces of its activities following a device reboot. Such capabilities demonstrated a high level of sophistication and diverse data collection and tracking abilities of the attack. It is unknown at this time if any information which was gathered through the malware has been used to exploit those effected.

Apple responded swiftly to the revelations, releasing patches for the security flaws. The fixes apply to iPhones running iOS 15.7 or earlier, which became outdated in September 2022. More recent versions of the operating system already contained improvements that rendered them impervious to the attack, however an update has also been released for current generation devices this past week too. Apple reported that 90% of customers who bought devices in the past four years had already updated to iOS 16, the latest major release. Kaspersky has publicly acknowledged Apple’s efforts to rectify the situation and appreciated their collaboration in the analysis and repair of the flaws. With this latest round of fixes, Apple has resolved a total of nine zero-day flaws in its products since the start of the year.

Cyber Security specialists have stated that the “Triangulation” attack method used in this case, shares similarities with techniques used by some international high-end spyware vendors. The U.S. and other authorities have previously blacklisted groups such as NSO for its dealings with governments that subsequently use their tools to spy on their citizens. This incident is one of many recently that highlight the continuing global concerns surrounding cyber security and the pivotal role of tech giants such as Apple in ensuring user safety and trust.

At One2Call we believe that it is important to keep our entire customer base updated with the latest Cyber Security threats that they may face so that they can take the actions needed to protect themselves. However, not all Cyber Threats are business focussed, and when it comes to threats such as your personal security and your personal devices, it is important that everyone can take the actions needed to protect themselves from evolving cyber threats.

To check if your iPhone or iPad need updating, go to Settings > General > Software Update, to check if you have any updates available today.