#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Apple iOS | Breaking Cybersecurity News | The Hacker News

iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation

iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation

Oct 24, 2023 Zero Day / Mobile Security
The TriangleDB implant used to target Apple iOS devices packs in at least four different modules to record microphone, extract iCloud Keychain, steal data from SQLite databases used by various apps, and estimate the victim's location. The new findings come from Kaspersky, which detailed the great lengths the adversary behind the campaign, dubbed  Operation Triangulation , went to conceal and cover up its tracks while clandestinely hoovering sensitive information from the compromised devices. The sophisticated attack first came to light in June 2023, when it emerged that iOS devices had been targeted by a  zero-click exploit  weaponizing then  zero-day security flaws  (CVE-2023-32434 and CVE-2023-32435) that leverages the iMessage platform to deliver a malicious attachment that can gain complete control over the devices and user data. The scale and the identity of the threat actor is presently unknown, although Kaspersky itself became one of the targets at the start of the year,
PEACHPIT: Massive Ad Fraud Botnet Powered by Millions of Hacked Android and iOS

PEACHPIT: Massive Ad Fraud Botnet Powered by Millions of Hacked Android and iOS

Oct 09, 2023 Botnet / Cyber Threat
An ad fraud botnet dubbed  PEACHPIT  leveraged an army of hundreds of thousands of Android and iOS devices to generate illicit profits for the threat actors behind the scheme. The botnet is part of a larger China-based operation codenamed  BADBOX , which also entails selling off-brand mobile and connected TV (CTV) devices on popular online retailers and resale sites that are backdoored with an  Android malware strain  called  Triada . "The PEACHPIT botnet's conglomerate of associated apps were found in 227 countries and territories, with an estimated peak of 121,000 devices a day on Android and 159,000 devices a day on iOS," HUMAN  said . The infections are said to have been realized through a collection of 39 apps that were installed more than 15 million times. Devices fitted with the BADBOX malware allowed the operators to steal sensitive data, create residential proxy exit peers, and commit ad fraud through the bogus apps. It's currently not clear how the And
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw

Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw

Oct 05, 2023 Zero Day / Vulnerability
Apple on Wednesday rolled out security patches to address a new zero-day flaw in iOS and iPadOS that it said has come under active exploitation in the wild. Tracked as  CVE-2023-42824 , the kernel vulnerability could be abused by a local attacker to elevate their privileges. The iPhone maker said it addressed the problem with improved checks. "Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6," the company  noted  in a terse advisory. While additional details about the nature of the attacks and the identity of the threat actors perpetrating them are currently unknown, successful exploitation likely hinges on an attacker already obtaining an initial foothold by some other means. Apple's latest update also resolves  CVE-2023-5217  impacting the WebRTC component, which Google last week described as a heap-based buffer overflow in the VP8 compression format in libvpx. The patches, iOS 17.0.3 and iPadOS 1
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
New Report Exposes Operation Triangulation's Spyware Implant Targeting iOS Devices

New Report Exposes Operation Triangulation's Spyware Implant Targeting iOS Devices

Jun 21, 2023 Mobile Security / Spyware
More details have emerged about the spyware implant that's delivered to iOS devices as part of a campaign called Operation Triangulation. Kaspersky, which  discovered the operation  after becoming one of the targets at the start of the year, said the malware has a lifespan of 30 days, after which it gets automatically uninstalled unless the time period is extended by the attackers. The Russian cybersecurity company has codenamed the backdoor  TriangleDB . "The implant is deployed after the attackers obtain root privileges on the target iOS device by exploiting a kernel vulnerability," Kaspersky researchers  said  in a new report published today. "It is deployed in memory, meaning that all traces of the implant are lost when the device gets rebooted. Therefore, if the victim reboots their device, the attackers have to reinfect it by sending an iMessage with a malicious attachment, thus launching the whole exploitation chain again." Operation Triangulation
New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege Malware

New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege Malware

Jun 01, 2023 Mobile Security / APT
A previously unknown advanced persistent threat (APT) is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed  Operation Triangulation  that began in 2019. "The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data," Kaspersky  said . The Russian cybersecurity company said it discovered traces of compromise after creating offline backups of the targeted devices. The attack chain begins with the iOS device receiving a message via iMessage that contains an attachment bearing the exploit. The exploit is said to be  zero-click , meaning the receipt of the message triggers the vulnerability without requiring any user interaction in order to achieve code execution. It's also configured to retrieve additional payloads for privilege escalation and drop a final stage malware from a remote server that Kaspersky described as
Apple's New "Lockdown Mode" Protects iPhone, iPad, and Mac Against Spyware

Apple's New "Lockdown Mode" Protects iPhone, iPad, and Mac Against Spyware

Jul 07, 2022
Apple on Wednesday announced it plans to introduce an enhanced security setting called  Lockdown Mode  in iOS 16, iPadOS 16, and macOS Ventura to safeguard high-risk users against "highly targeted cyberattacks." The "extreme, optional protection" feature, now available for preview in beta versions of its upcoming software, is designed to counter a surge in threats posed by private companies developing state-sponsored surveillanceware such as  Pegasus ,  DevilsTongue ,  Predator , and  Hermit . Lockdown Mode, when enabled, "hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware," Apple  said  in a statement. This includes blocking most message attachment types other than images and disabling link previews in Messages; rendering inoperative just-in-time ( JIT ) JavaScript compilation; removing support for shared albums in Photos; a
Researchers Detail New HomeKit 'doorLock' Bug Affecting Apple iOS

Researchers Detail New HomeKit 'doorLock' Bug Affecting Apple iOS

Jan 04, 2022
A persistent denial-of-service (DoS) vulnerability has been discovered in Apple's iOS mobile operating system that's capable of sending affected devices into a crash or reboot loop upon connecting to an Apple Home-compatible appliance. The behavior, dubbed "doorLock," is trivial in that it can be triggered by simply changing the name of a HomeKit device to a string larger than 500,000 characters. This causes an iPhone or iPad that attempts to connect to the device to become unresponsive and enter an indefinite cycle of system failure and restart that can only be mitigated by restoring the affected device from Recovery or DFU (Device Firmware Update) Mode. HomeKit  is Apple's software framework that allows iOS and iPadOS users to configure, communicate with, and control connected accessories and smart-home appliances using Apple devices. "Any device with an affected iOS version installed that loads the string will be disrupted, even after rebooting,"
Latest Apple iOS Update Patches Remote Jailbreak Exploit for iPhones

Latest Apple iOS Update Patches Remote Jailbreak Exploit for iPhones

Dec 14, 2021
Apple on Monday released updates to  iOS ,  macOS ,  tvOS , and  watchOS  with security patches for multiple vulnerabilities, including a remote jailbreak exploit chain as well as a number of critical issues in the Kernel and Safari web browser that were first demonstrated at the Tianfu Cup held in China two months ago. Tracked as CVE-2021-30955, the issue could have enabled a malicious application to execute arbitrary code with kernel privileges. Apple said it addressed the race condition bug with "improved state handling." The flaw also impacts macOS devices. "The kernel bug CVE-2021-30955 is the one we tried [to] use to build our remote jailbreak chain but failed to complete on time," Kunlun Lab's chief executive, @mj0011sec,  said  in a tweet. A set of similar kernel vulnerabilities were eventually harnessed by the Pangu Team at the  Tianfu hacking contest  to break into an iPhone13 Pro running iOS 15, a feat that netted the white hat hackers $330,000 in
Google uncovers new iOS security feature Apple quietly added after zero-day attacks

Google uncovers new iOS security feature Apple quietly added after zero-day attacks

Jan 29, 2021
Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed " BlastDoor ," the improved sandbox system for iMessage data was disclosed by Samuel Groß, a Google Project Zero researcher tasked with studying zero-day vulnerabilities in hardware and software systems. "One of the major changes in iOS 14 is the introduction of a new, tightly sandboxed 'BlastDoor' service which is now responsible for almost all parsing of untrusted data in iMessages," Groß  said . "Furthermore, this service is written in Swift, a (mostly) memory safe language which makes it significantly harder to introduce classic memory corruption vulnerabilities into the code base." The development is a consequence of a  zero-click exploit  that leveraged an Apple iMessage flaw in iOS 13.5.1 to get around security p
New Tool Can Jailbreak Any iPhone and iPad Using An Unpatched 0-Day Bug

New Tool Can Jailbreak Any iPhone and iPad Using An Unpatched 0-Day Bug

May 25, 2020
The hacking team behind the "unc0ver" jailbreaking tool has released a new version of the software that can unlock every single iPhone, including those running the latest iOS 13.5 version. Calling it the first zero-day jailbreak to be released since iOS 8, unc0ver's lead developer Pwn20wnd said "every other jailbreak released since iOS 9 used 1day exploits that were either patched in the next beta version or the hardware." The group did not specify which vulnerability in iOS was exploited to develop the latest version. The unc0ver website also highlighted the extensive testing that went behind the scenes to ensure compatibility across a broad range of devices, from iPhone 6S to the new iPhone 11 Pro Max models, spanning versions iOS 11.0 through iOS 13.5, but excluding versions 12.3 to 12.3.2 and 12.4.2 to 12.4.5. "Utilizing native system sandbox exceptions, security remains intact while enabling access to jailbreak files," according to un
Chinese Hackers Using New iPhone Hack to Spy On Uyghur Muslims

Chinese Hackers Using New iPhone Hack to Spy On Uyghur Muslims

Apr 22, 2020
A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority in China's autonomous region of Xinjiang. The findings, published by digital forensics firm Volexity , reveal that the exploit — named "Insomnia" — works against iOS versions 12.3, 12.3.1, and 12.3.2 using a flaw in WebKit that was patched by Apple with the release of iOS 12.4 in July 2019. Volexity said the attacks were carried out by a state-sponsored hacking group it calls Evil Eye , the same threat actor that it said was behind a series of attacks against the Uyghurs last September following a bombshell disclosure by Google's Project Zero team . China has long considered Xinjiang a breeding ground for " separatists, terrorists and religious extremists ," with the residents of the region — ethnically Turkic Muslims — thrown into concentration camps , and subjected to persecution and high-tech surv
How Just Visiting A Site Could Have Hacked Your iPhone or MacBook Camera

How Just Visiting A Site Could Have Hacked Your iPhone or MacBook Camera

Apr 03, 2020
If you use an Apple iPhone or a MacBook, we have a piece of alarming news for you. Turns out merely visiting a website — not just malicious but also legitimate sites unknowingly loading malicious ads as well — using Safari browser could have let remote attackers secretly access your device's camera, microphone, or location, and in some cases, saved passwords as well. Apple recently paid a $75,000 bounty reward to an ethical hacker, Ryan Pickren , who practically demonstrated the hack and helped the company patch a total of seven new vulnerabilities before any real attacker could take advantage of them. The fixes were issued in a series of updates to Safari spanning versions 13.0.5 (released January 28, 2020) and Safari 13.1 (published March 24, 2020). "If the malicious website wanted camera access, all it had to do was masquerade as a trusted video-conferencing website such as Skype or Zoom," Pickren said. When chained together, three of the reported Safari
You Can Now Run Android on an iPhone With 'Project Sandcastle'

You Can Now Run Android on an iPhone With 'Project Sandcastle'

Mar 05, 2020
Not happy with your expensive iPhone and wondered if it's possible to run any other operating system on your iPhone, maybe, how to install Android on an iPhone or Linux for iPhones? Android phones can be rooted, and iPhones can be jailbroken to unlock new features, but so far, it's been close to impossible to get Android running on iPhones, given the mobile device hardware constraints and software limitations. However, it's now possible to smoothly run Android on an iPhone—thanks to a new initiative, dubbed Project Sandcastle . Undertaken by cybersecurity startup Corellium , Project Sandcastle is the consequence of a 13-year-long developmental effort to port Android to iOS and as well as demonstrate that Apple's much-vaunted security barriers can indeed be compromised. "Where sandboxes set limits and boundaries, sandcastles provide an opportunity to create something new from the limitless bounds of your imagination," the project website says. "T
Apple Under Fire Over Sending Some Users Browsing Data to China's Tencent

Apple Under Fire Over Sending Some Users Browsing Data to China's Tencent

Oct 14, 2019
Do you know Apple is sending iOS web browsing related data of some of its users to Chinese Internet company Tencent? I am sure many of you are not aware of this, neither was I, and believe me, none of us could expect this from a tech company that promotes itself as a champion of consumer privacy. Late last week, it was widely revealed that starting from at least iOS 12.2 , Apple silently integrated the " Tencent Safe Browsing " service to power its " Fraudulent Website Warning " feature in the Safari web browser for both iOS and macOS. Just like the Safe Browsing feature in Chrome and Mozilla Firefox, Safari's fraudulent website warning feature has also been designed to protect users from various online threats by simply checking every website they visit against a regularly updated list of malicious websites. Until iOS 12.2, Apple primarily relied on the database of "blacklisted websites" provided by Google's Safe Browsing service, whic
iOS 13 Bug Lets 3rd-Party Keyboards Gain 'Full Access' — Even When You Deny

iOS 13 Bug Lets 3rd-Party Keyboards Gain 'Full Access' — Even When You Deny

Sep 26, 2019
Following the release of iOS 13 and iPadOS earlier this week, Apple has issued an advisory warning iPhone and iPad users of an unpatched security bug impacting third-party keyboard apps. On iOS, third-party keyboard extensions can run entirely standalone without access to external services and thus, are forbidden from storing what you type unless you grant "full access" permissions to enable some additional features through network access. However, in the brief security advisory , Apple says that an unpatched issue in iOS 13 and iPadOS could allow third-party keyboard apps to grant themselves "full access" permission to access what you are typing—even if you deny this permission request in the first place. It should be noted that the iOS 13 bug doesn't affect Apple's built-in keyboards or third-party keyboards that don't make use of full access. Instead, the bug only impacts users who have third-party keyboard apps—such as popular Gboard, Grammarl
Yikes! iOS 13 Coming Next Week With iPhone LockScreen Bypass Bug

Yikes! iOS 13 Coming Next Week With iPhone LockScreen Bypass Bug

Sep 13, 2019
Good news... next week, on September 19, Apple will roll out iOS 13, the latest version of its mobile operating system. Yes, we're excited about, but here comes the bad news... iOS 13 contains a vulnerability that could allow anyone to bypass the lockscreen protection on your iPhone and access some sensitive information. Jose Rodriguez , a Spanish security researcher, contacted The Hacker News and revealed that he discovered a lockscreen bypass bug in iOS 13 that allowed him to access the full list of Contacts on his iPhone—and every piece of information saved on them. Rodriguez told The Hacker News that he discovered the new lockscreen bypass bug on his iPhone running iOS 13 beta version and reported it to Apple on July 17. However, unfortunately, Apple failed to patch the bug even after being informed months ago, and the bypass is still working on the Gold Master (GM) version of iOS 13, the final version of the software that will be rolled out to everyone on Septembe
Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years

Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years

Aug 30, 2019
Beware Apple users! Your iPhone can be hacked just by visiting an innocent-looking website, confirms a terrifying report Google researchers released earlier today. The story goes back to a widespread iPhone hacking campaign that cybersecurity researchers from Google's Project Zero discovered earlier this year in the wild, involving at least five unique iPhone exploit chains capable of remotely jailbreaking an iPhone and implanting spyware on it. Those iOS exploit chains were found exploiting a total of 14 separate vulnerabilities in Apple's iOS mobile operating system—of which 7 flaws resided in Safari web browser, 5 in the iOS kernel and 2 separate sandbox escape issues—targeting devices with almost every version in that time-frame from iOS 10 through to the latest version of iOS 12. According to a deep-dive blog post published by Project Zero researcher Ian Beer, only two of the 14 security vulnerabilities were zero-days, CVE-2019-7287 and CVE-2019-7286, and unpat
Apple Releases iOS 12.4.1 Emergency Update to Patch 'Jailbreak' Flaw

Apple Releases iOS 12.4.1 Emergency Update to Patch 'Jailbreak' Flaw

Aug 27, 2019
Apple just patched an unpatched flaw that it patched previously but accidentally unpatched recently — did I confuse you? Let's try it again... Apple today finally released iOS 12.4.1 to fix a critical jailbreak vulnerability , like it or not, that was initially patched by the company in iOS 12.3 but was then accidentally got reintroduced in the previous iOS 12.4 update. For those unaware, roughly a week ago, an anonymous researcher who goes by the online alias "Pwn20wnd" released a free jailbreak for iOS 12.4 on GitHub that exploited a kernel vulnerability (CVE-2019-8605) that Apple patched in iOS 12.3 in May this year. However, the vulnerability accidentally got reintroduced in iOS 12.4 in July, making it easier for hackers to jailbreak updated Apple devices, including the iPhone XS, XS Max, and XR or the 2019 iPad Mini and iPad Air, running iOS 12.4 and iOS 12.2 or earlier. Now, Apple has released iOS 12.4.1 to re-patch the security issue that not only allow
Cybersecurity Resources