The Triangulation exploit chain
In an email, Kaspersky researcher Boris Larin wrote, “The exploit’s sophistication and the feature’s obscurity suggest the attackers had advanced technical capabilities. Our analysis hasn’t revealed how they became aware of this feature, but we’re exploring all possibilities, including accidental disclosure in past firmware or source code releases. They may also have stumbled upon it through hardware reverse engineering.”
Both the malware and the campaign that installed it were called “Triangulation.” The exploit chain relied on four zero-day vulnerabilities, meaning the attackers knew about and exploited them before Apple did. Apple has since patched the flaws, which are cataloged as:
- CVE-2023-32434
- CVE-2023-32435
- CVE-2023-38606
- CVE-2023-41990
The undocumented hardware feature at the root of this issue and the four zero-day flaws affected not only iPhones but also iPads, iPods, Macs, Apple TVs, and Apple Watches. Apple patched the vulnerabilities on all of those devices.
As for who was behind the attack, some blame the U.S. National Security Agency (NSA). Russia’s Federal Security Service (FSB) claims the attack was carried out by the NSA in cooperation with Apple, although Kaspersky has said it has no evidence that either was involved.