Apple Addresses Kernel Zero-Day Vulnerability in Older iPhones and iPads
Apple has released security updates for older iPhones and iPads, backporting patches that were first released in June. The patches fix a zero-day vulnerability that allows attackers to execute arbitrary code on unpatched devices.
This isn’t the first time Apple has contended with this particular zero-day vulnerability. On June 21, the company patched this issue for macOS, iPhones, and iPads. Now, in light of new developments, Apple is fortifying the defenses of its older devices as well.
Tracked as CVE-2023-32434, the vulnerability is an integer overflow in the Kernel. Flaws of this kind are serious when they give unauthorized parties a way to take control of a device.
This security flaw was found and reported by Kaspersky security researchers Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_), Boris Larin (@oct0xor), and Valentin Pashkov.
Moreover, Kaspersky has also detailed an iOS spyware component related to this flaw in a report concerning a campaign labeled “Operation Triangulation.”
As described by Kaspersky, “The implant, christened TriangleDB, becomes operative once attackers gain root access on a targeted iOS device, exploiting the kernel vulnerability. Intriguingly, this implant operates in-memory, erasing its footprint once the device is rebooted.” This means that should a victim restart their device, the attackers would have to reinitiate the infection process via a malicious iMessage attachment, reigniting the entire exploitation chain. Without a reboot, the implant self-decommissions after 30 days, unless the attackers proactively prolong its operation.
A successful exploit of this vulnerability lets attackers execute arbitrary code with kernel privileges.
In a recent security advisory, Apple acknowledged the vulnerability’s potential active exploitation against versions preceding iOS 15.7, stating, “Apple is aware of a report that this issue may have been actively exploited.”
The latest security updates are tailored for an array of devices, encompassing iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).
The best way to protect yourself from this attack is to update your iPhone or iPad to iOS 15.8 or later as soon as possible. You can do this by going to Settings > General > Software Update.