Spyware alert! Have iPhone, iPad, Apple Watch? Update your device NOW!

Scary spyware is attacking Apple products and putting users at risk. According to Kaspersky, spyware has been discovered on iPhones owned by employees in its Moscow office as well as in other countries. They exploit iMessage zero-click vulnerabilities and take advantage of iOS bugs.

How does it work? A report by Kaspersky suggested that after acquiring root privileges on the targeted iPhone or iOS devices by exploiting a kernel vulnerability, the attackers install an implant named TriangleDB. This implant works in the device's memory, ensuring that all evidence of its presence is erased when rebooted. Resultantly, if the victim restarts their device, the attackers must reinfect it by sending an iMessage containing a malicious attachment, initiating the entire exploitation process once more. However, if no reboot takes place, the implant self-uninstalls after 30 days, unless the attackers extend this timeframe.

Who are in danger

A report by BleepingComputer shared the list of Apple products that were affected by the zero-day vulnerability. Check here:

• iPhones: iPhone 8 and later iPhone models, iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation),
• iPads: all models of the iPad Pro, iPad Air 3rd Gen and later, iPad 5th Gen and later, iPad mini 5th Gen and later, iPad Air 2, iPad mini (4th generation).
• iPod: iPod touch (7th generation)
• Macs: Macs that are running on macOS Big Sur, Monterey, and Ventura
• Apple Watch: Apple Watch Series 4 and later, Apple Watch Series 3, Series 4, Series 5, Series 6, Series 7, and SE

Should you worry?

On June 22, Apple released updates for CVE-2023-32434 (Kernel) and CVE-2023-32435 (WebKit) in-the-wild zero-days in the iOS Triangulation attacks, Boris Larin, a Kaspersky researcher informed.

Hence, you should update your iPhone, iPad, Mac, or Apple Watch to get rid of any spyware on your device.

New threat ahead!

Meanwhile, America's cyber defense agency, CISA incorporated an additional vulnerability into its roster of known exploited vulnerabilities (KEV). This newly identified flaw is a critical pre-authentication command injection bug (CVE-2023-27992) capable of enabling unauthenticated attackers to execute operating system commands on Network-Attached Storage (NAS) devices that are exposed to the Internet and remain unpatched, the report explained.

Following this recent update, federal agencies have been directed to safeguard sensitive devices against the newly identified vulnerabilities before June 14th, 2023.