Cyber attack: ‘Operation Triangulation’ can access memory, take control of iOS device, says Kaspersky
PTI, Oct 27, 2023, 11:19 AM IST
Image credit: Kaspersky
Operation Triangulation, a cyber threat targeting iOS devices, is capable of accessing the physical memory without user interaction and takes complete control over the device, cyber security firm Kaspersky said.
iOS mobile operating system has been developed by Apple for its devices including iPhones and iPads.
Kaspersky, which has presence in India, made the revelation in a research report released at the Security Analyst Summit (SAS) in Phuket. The advanced persistent threat (APT) campaign targeting iOS devices has been uncovered by Kaspersky’s Global Research and Analysis Team (GReAT).
According to the report, Operation Triangulation employs a sophisticated method of distributing zero-click exploits via iMessage, ultimately taking complete control over the device and its user data.
The company experts unveiled ”previously undisclosed details of the attack chain that took advantage of five vulnerabilities, four of which were previously unknown”, the report said.
The experts identified an initial entry point through a font processing library vulnerability. The second, an extremely powerful and trivially exploitable vulnerability in the memory mapping code allowed access to the device’s physical memory, it said.
Additionally, attackers exploited two more vulnerabilities to bypass the latest Apple processor’s hardware security features. Researches also discovered that apart from having the capability to remotely infect Apple devices through iMessage without user interaction, the attackers also had a platform to carry out attacks via the Safari web browser. This prompted the discovery and fixing of a fifth vulnerability, Kaspersky said.
”The hardware-based security features of devices with newer Apple chips significantly bolster their resilience against cyber attacks. But they are not invulnerable. Operation Triangulation serves as a reminder to exercise caution when handling iMessage attachments from unfamiliar sources,” Boris Larin, Principal Security Researcher at Kaspersky’s GReAT, said.
Drawing insights from the strategies employed in Operation Triangulation can offer valuable guidance. Also, finding a balance between system’s closeness and accessibility may contribute to an enhanced security posture, Larin said.
”While Kaspersky’s victims include company’s top and middle management as well as researchers based in Russia, Europe and META, the company was not the only target of the attack,” it said.
Kaspersky researchers have suggested updating operating system, applications and antivirus software regularly to patch any known vulnerabilities.
The experts also suggest verifying the sender’s identity before sharing any personal details or clicking on suspicious links, and remaining cautious of emails, messages, or calls asking for sensitive information.
Headquartered in Moscow, Kaspersky is a global cybersecurity and digital privacy company. Its security portfolio includes leading end-point protection, specialised security products and services, as well as cyber-immune solutions to fight sophisticated and evolving digital threats.
Udayavani is now on Telegram. Click here to join our channel and stay updated with the latest news.
Top News
Related Articles More
RG Kar protests: SC orders SIT probe into custodial torture case, weekly reports before HC
Burglars decamp with cash Rs 1 crore, 300 gold sovereigns from house in Kerala
No ‘formula’ under discussion for CM’s post: Ajit Pawar
Raut demands re-election, alleges irregularities in EVMs during Maharashtra polls
Raut demands re-election, alleges irregularities in EVMs during Maharashtra polls
MUST WATCH
Latest Additions
RG Kar protests: SC orders SIT probe into custodial torture case, weekly reports before HC
Dr. D. Veerendra Heggade sets record for ‘Largest Single-Man Collection of Antiques’
Rapid digital expansion to create over 1 lakh new jobs in fiber tech in India in next 5 years
Burglars decamp with cash Rs 1 crore, 300 gold sovereigns from house in Kerala
No ‘formula’ under discussion for CM’s post: Ajit Pawar
Thanks for visiting Udayavani
You seem to have an Ad Blocker on.
To continue reading, please turn it off or whitelist Udayavani.