Apple releases patch to stop “triangulation” spyware affecting Kaspersky

Apple has released a patch to stop a mysterious spyware infecting iPhones in Russia and at antivirus provider Kaspersky.

Cupertino released the patches for iOS, macOS, iPadOS and watchOS on Wednesday, three weeks after Kaspersky announced it had detected so-called “triangulation” spyware on dozens of company employees’ iPhones.

The spyware raises alarms as it can infect an iPhone through malicious messages sent through iMessage. No user interaction is required.

Apple’s patch notes also indicate that the spyware is particularly powerful. By exploiting a previously unknown vulnerability in the company’s software, Cupertino says, “an app may be able to run arbitrary code with kernel privileges,” allowing it to manipulate the core part of the operating system.

The spyware also took advantage of a second previously unknown bug, in the older iOS 15, affecting WebKit, the browser engine for Safari. In response, Apple has issued patches for iPhone models since the 6s.

Kaspersky also released more details on the same day about its investigation into the triangulation spyware, which differs significantly from other spyware associated with commercial surveillance companies such as Israel’s NSO Group.

Kaspersky’s report also confirmed that triangulation can exploit the iOS kernel to gain root privileges. It then deploys a spyware implant that only works in the device’s RAM, “which means all traces of the implant are lost when the device is restarted.”

Therefore, the operator of the spyware has to re-infect the phone in order to remain present on the device when it restarts. However, this also means that it can be difficult for security researchers to uncover the spyware. “If there is no reboot, the implant will uninstall itself after 30 days, unless this period is extended by the attackers,” added Kaspersky.

The company said it took “about half a year” to collect enough evidence that the spyware worked extensively. Kaspersky found that the spyware implant can receive commands from a primary and then a fallback command and control server. The implant was also designed with at least 24 commands, including the ability to steal files from the device, monitor the user’s location, steal passwords, and run other malicious programs.

In addition, the company uncovered technical details that suggest triangulation could also be used against macOS devices. However, Kaspersky’s report makes no mention of who might have created the spyware, although the investigation is ongoing.

Still, that hasn’t stopped the Russian government from claiming that the spyware comes from the USA. The Kremlin has even gone so far as to accuse Apple of collaborating with US intelligence agencies to develop triangulation. “Several thousand devices of this brand were found to be infected,” Russia’s Federal Security Service (FSB) announced earlier this month, when Kaspersky first brought the triangulation spyware to public attention.

However, according to Reuters, Apple has denied any involvement, saying that the company “has never worked with any government to put a backdoor in an Apple product and never will.”

Meanwhile, users can update their iPhones by going to Settings > General > Software update. The device can also update automatically if you have automatic updates enabled.
