Thursday, November 21, 2024

Apple Patches Critical 0-Day Flaws Actively Exploited in The Wild

Apple rolled out a wide array of updates targeting iOS, iPadOS, macOS, watchOS, and the Safari browser. These updates are in response to a number of vulnerabilities that were reportedly being exploited in real-time.

Among the vulnerabilities were two zero-days that have been leveraged in a mobile surveillance operation, cryptically named “Operation Triangulation.” The campaign has been ongoing since 2019, although the exact identity of the perpetrators remains shrouded in mystery.

  • CVE-2023-32434 – An integer overflow vulnerability in the Kernel that could be exploited by a malicious app to execute arbitrary code with kernel privileges.
  • CVE-2023-32435 – A memory corruption vulnerability in WebKit that could lead to arbitrary code execution when processing specially crafted web content.

Apple, aware of the active exploitation against versions of iOS released before iOS 15.7, gave a nod to Kaspersky researchers Georgy Kucherin, Leonid Bezvershenko, and Boris Larin for bringing these issues to their attention.

The announcement came as the Russian cybersecurity giant dissected a sophisticated spyware implant deployed in the zero-click attack campaign that specifically targeted iOS devices. iMessages bearing an infected attachment served as the delivery vehicle for the remote code execution (RCE) vulnerability.

The malicious code within the exploit was designed to initiate the download of additional components. These components can gain root access on the targeted device, enabling the implantation of a backdoor in the memory and the subsequent deletion of the original iMessage, thereby covering its tracks.

Named TriangleDB, this advanced implant operates exclusively in the device memory, evaporating without leaving any signs of its activity after a device reboot. Along with its stealthy operation, TriangleDB boasts a wide array of data collection and tracking capabilities. It can interact with the device’s file system, manage processes, extract keychain items to gather victims’ credentials, and even keep an eye on the victim’s geolocation.

Recommended:  Remote Code Execution in pfSense <= 2.5.2

Additionally, Apple patched a third zero-day, identified as CVE-2023-32439, reported anonymously, capable of executing arbitrary code when processing malevolent web content.

This potentially exploited flaw, a type confusion issue, has been countered with enhanced checks. The freshly baked updates are now available for several platforms, including:

With these recent fixes, Apple has successfully addressed a total of nine zero-day flaws since the beginning of the year. They previously patched a WebKit flaw (CVE-2023-23529) in February that could lead to remote code execution. Then in April, they released updates for two bugs (CVE-2023-28205 and CVE-2023-28206) that could grant code execution with elevated privileges. In May, Apple shipped patches for three more vulnerabilities in WebKit (CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373) which could potentially allow a threat actor to circumvent sandbox protection, access sensitive data, and execute arbitrary code.

Suggest an edit to this article

Check out our new Discord Cyber Awareness Server. Stay informed with CVE Alerts, Cybersecurity News & More!

Cybersecurity Knowledge Base

Recommended:  Dridex Banking Malware Targets MacOS users with a new delivery method

Homepage

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Please login to bookmarkClose
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

RiSec.Mitch
Just your average information security researcher from Delaware US.

more infosec reads

Subscribe for weekly updates

explore

more

security