Cyber attack: ‘Operation Triangulation’ can access memory, take control of iOS device, says Kaspersky
PTI, Oct 27, 2023, 11:19 AM IST
Image credit: Kaspersky
Operation Triangulation, a cyber threat targeting iOS devices, is capable of accessing the physical memory without user interaction and takes complete control over the device, cyber security firm Kaspersky said.
iOS mobile operating system has been developed by Apple for its devices including iPhones and iPads.
Kaspersky, which has presence in India, made the revelation in a research report released at the Security Analyst Summit (SAS) in Phuket. The advanced persistent threat (APT) campaign targeting iOS devices has been uncovered by Kaspersky’s Global Research and Analysis Team (GReAT).
According to the report, Operation Triangulation employs a sophisticated method of distributing zero-click exploits via iMessage, ultimately taking complete control over the device and its user data.
The company experts unveiled ”previously undisclosed details of the attack chain that took advantage of five vulnerabilities, four of which were previously unknown”, the report said.
The experts identified an initial entry point through a font processing library vulnerability. The second, an extremely powerful and trivially exploitable vulnerability in the memory mapping code allowed access to the device’s physical memory, it said.
Additionally, attackers exploited two more vulnerabilities to bypass the latest Apple processor’s hardware security features. Researches also discovered that apart from having the capability to remotely infect Apple devices through iMessage without user interaction, the attackers also had a platform to carry out attacks via the Safari web browser. This prompted the discovery and fixing of a fifth vulnerability, Kaspersky said.
”The hardware-based security features of devices with newer Apple chips significantly bolster their resilience against cyber attacks. But they are not invulnerable. Operation Triangulation serves as a reminder to exercise caution when handling iMessage attachments from unfamiliar sources,” Boris Larin, Principal Security Researcher at Kaspersky’s GReAT, said.
Drawing insights from the strategies employed in Operation Triangulation can offer valuable guidance. Also, finding a balance between system’s closeness and accessibility may contribute to an enhanced security posture, Larin said.
”While Kaspersky’s victims include company’s top and middle management as well as researchers based in Russia, Europe and META, the company was not the only target of the attack,” it said.
Kaspersky researchers have suggested updating operating system, applications and antivirus software regularly to patch any known vulnerabilities.
The experts also suggest verifying the sender’s identity before sharing any personal details or clicking on suspicious links, and remaining cautious of emails, messages, or calls asking for sensitive information.
Headquartered in Moscow, Kaspersky is a global cybersecurity and digital privacy company. Its security portfolio includes leading end-point protection, specialised security products and services, as well as cyber-immune solutions to fight sophisticated and evolving digital threats.
Udayavani is now on Telegram. Click here to join our channel and stay updated with the latest news.
Top News
Related Articles More
Bank fraud: ED seizes jewellery, cash worth over Rs 1 cr in raids against Bhopal-based company, directors
No greater feeling than serving those in need: Outgoing CJI D Y Chandrachud
CJI Chandrachud: A legacy of landmark verdicts that shaped society and some controversy too
Akhilesh Yadav attacks BJP on demonetisation anniversary
DeMo paved way for monopolies by devastating MSMEs, informal sector: Rahul on note ban anniversary
MUST WATCH
Latest Additions
50-60% cancer cases detected in India annually are preventable, say oncologists
Finance Minister reviews progress of planetarium in Mysuru
Bank fraud: ED seizes jewellery, cash worth over Rs 1 cr in raids against Bhopal-based company, directors
“Coming soon.. 2025”: KL Rahul and Athiya Shetty announce first pregnancy
Unauthorized bus stops at signals fuel traffic woes and safety concerns
Thanks for visiting Udayavani
You seem to have an Ad Blocker on.
To continue reading, please turn it off or whitelist Udayavani.