Apple Fixes Iphone Software Flaws Used in Widespread Hacks of Russians
12:35 JST, June 22, 2023
Apple on Wednesday said it had fixed two newly discovered security flaws in its iPhones and iPads that had been used to hack thousands of devices in Russia, underscoring the seriousness of a campaign that Russian intelligence blamed on the United States.
Apple credited the discovery of the flaws to researchers from Russian security software maker Kaspersky Lab, which said three weeks ago that its senior employees were among those targeted. At the same time as Kaspersky’s initial announcement, Russia’s Federal Security Service, known as the FSB, accused the National Security Agency of being responsible. It did not provide evidence or explain how it reached that conclusion. The NSA did not respond to a request for comment.
Kaspersky said previously that the attack worked by sending an iMessage with a malicious attachment. Without ever seeing that message, the phone’s user would be infected and the attacker could run code of their choosing. The infection would disappear when users turned their phones off and on again, which experts say consumers should do at regular intervals. Apple’s optional Lockdown Mode also blocked the attacks.
On Wednesday, Kaspersky gave more detail, saying that the malicious code installed after infection had 24 commands, including extracting passwords from Apple’s Keychain, monitoring locations, and modifying or exporting files.
“As we delved into the attack, we discovered a sophisticated iOS implant that displayed numerous intriguing oddities,” said Kaspersky’s Georgy Kucherin, one of three credited by Apple with discovering the vulnerabilities. Kaspersky dubbed the attack Triangulation, and it and others have released tools to check if devices are infected.
Apple said the fixes would protect iPhones running iOS 15.7 or earlier, which became out of date in September. More recent versions of the operating system had other improvements that made them impervious to the attacks. Apple said 90 percent of customers who bought devices in the past four years have updated to iOS 16, the latest major release.
Kaspersky thanked Apple for working with it to analyze and repair the flaws.
Kaspersky in the past has exposed a number of the most sophisticated spying tools the NSA is known to have worked on, including some related to Stuxnet, which disabled Iranian uranium enrichment tools.
U.S. officials later said that Kaspersky’s consumer anti-virus program had been used to extract classified material from an intelligence employee’s home computer. Kaspersky was banned from federal machines, and its share of the U.S. market plummeted.
The infection technique used in Triangulation is similar to that used by NSO and other vendors of high-end spyware. The White House and other U.S. officials have blacklisted NSO for dealing with repressive governments that then spied on innocent citizens.
"News Services" POPULAR ARTICLE
-
G-Shock Watchmaker Casio Delays Earnings Release Due to Ransomware Attack
-
North Korea Long-Range Ballistic Missile Test Splashes Down between Japan and Russia (UPDATE 1)
-
Japan’s Nikkei Stock Closes at 2-week Peak as Tech Shares Track Nasdaq Higher (Update 1)
-
Nissan Plans 9,000 Job Cuts, Slashes Annual Profit Outlook
-
Iran Arrests Female Student Who Stripped to Protest Harassment
JN ACCESS RANKING
- Streaming Services Boost Anime Popularity Overseas; Former ‘Geeky’ Interest More Beloved Among Gen Z than 3 Major U.S. Sports
- G20 Sees Soft Landing for Global Economy; Leaders Pledge to Resist Protectionism as Trump Calls for Imported Goods Flat Tariff
- Chinese Rights Lawyer’s Wife Seeks Support in Japan; Sophie Luo Calls for Beijing to Free Ding Jiaxi, Xu Zhiyong
- ‘Women Over 30 Would Have Uteruses Removed’; Remarks of CPJ Leader, Novelist Naoki Hyakuta Get Wide Attention
- Typhoon Kong-rey to Reach South of Japan’s Okinawa on Thursday; JWA Urges High Alert for Strong Winds, Heavy Rain