'Operation Triangulation' can access memory, take control of iOS device: Cybersecurity firm Kaspersk

The company experts unveiled "previously undisclosed details of the attack chain that took advantage of five vulnerabilities.

  • Facebook Share Icon
  • Twitter Share Icon
  • WhatsApp Share Icon
 
Follow : Google News Icon
cybercrime, cyber, cyberfraud
Cybersecurity | Image: Pixabay

Kaspersky, a cybersecurity firm, has reported on "Operation Triangulation," a cyber threat targeting iOS devices, which is capable of accessing the physical memory without user interaction and taking complete control over the device. 

Undisclosed details of the attack 

The company experts unveiled "previously undisclosed details of the attack chain that took advantage of five vulnerabilities, four of which were previously unknown", the report said.

"The hardware-based security features of devices with newer Apple chips significantly bolster their resilience against cyber attacks. But they are not invulnerable. Operation Triangulation serves as a reminder to exercise caution when handling iMessage attachments from unfamiliar sources," Boris Larin, Principal Security Researcher at Kaspersky's GReAT, said.

The advanced persistent threat (APT) campaign targeting iOS devices was discovered by Kaspersky's Global Research and Analysis Team (GReAT). Operation Triangulation uses a sophisticated method of distributing zero-click exploits via iMessage to gain control over the device and its user data. 

Advertisement

"While Kaspersky's victims include the company's top and middle management as well as researchers based in Russia, Europe and META, the company was not the only target of the attack," it said.

The campaign exploited five vulnerabilities, four of which were previously unknown. Researchers also found that attackers had a platform to carry out attacks via the Safari web browser, prompting the discovery and fixing of a fifth vulnerability. Kaspersky recommends regularly updating the operating system, applications, and antivirus software to patch known vulnerabilities and verifying the sender's identity before sharing personal information or clicking on suspicious links.

Advertisement

(With PTI Inputs) 

Published By:
 Akshit Tyagi
Published On: