Apple has issued a patch to address the "Triangulation" spyware, a mysterious malware that has been infecting iPhones in Russia and at antivirus provider Kaspersky. The patch was released for iOS, macOS, iPadOS, and watchOS following Kaspersky's disclosure of the spyware three weeks prior. The Triangulation spyware is particularly alarming, as it can infect iPhones through malicious iMessage texts, with no user interaction required.
The spyware exploits a previously unknown flaw in Apple's software, which allows it to execute arbitrary code with kernel privileges, tampering with the core part of the operating system. Additionally, it takes advantage of a second flaw in the older iOS 15, involving WebKit, the browser engine for Safari. In response, Apple has released patches for iPhone models as far back as the 6s.
Kaspersky's investigation into the Triangulation spyware revealed that it differs significantly from other spyware tied to commercial surveillance companies, such as Israel's NSO Group. The antivirus provider confirmed that the malware can exploit the iOS kernel to gain root privileges, deploying a spyware implant that operates within the device's RAM memory. This means that all traces of the implant are lost when the device is rebooted, making it difficult for security researchers to uncover the spyware.
The implant uninstalls itself after 30 days unless the attackers extend its presence on the device. Kaspersky noted that it took around six months to gather sufficient evidence on how the spyware largely functions. The implant can receive orders from a primary and fallback command-and-control server and is designed with at least 24 commands. These include stealing files from the device, monitoring the user's location, pilfering passwords, and running other malicious programs.
In response to the Triangulation spyware threat, Apple has acted promptly, releasing patches for various Apple devices, including older iPhone models. Users should ensure that their devices are updated with the latest patches to protect against this powerful and elusive spyware. As the malware landscape continues to evolve, it is crucial for companies like Apple and security researchers like Kaspersky to work together to combat emerging threats and protect user security.