Apple updates iOS to kill Trojan known as Triangulation, distributed via iMessage

June 23 (Portaltic/EP) –

The latest version of operating systems Apple iOS and iPadOS kills the Trojan known as Triangulation, distributed via iMessage, capable of silently transmitting private information to remote servers, such as photos and geolocation data.

researchers from Kaspersky have pointed out that, to carry out this malicious campaign, cybercriminals send a communication through this messaging application with a malicious attachment, taking advantage of vulnerabilities in said OS, identified as CVE-2023-32434, CVE-2023-32435 and CVE-2023-32439.

Specifically, this campaign was detected by the Kaspersky Unified Monitoring and Analysis Platform (KUMA), when it determined that several dozen iPhones belonging to senior employees of this cybersecurity firm were infected with this malicious ‘software’ and “extremely sophisticated”, called Triangulation.

As specified by the company, this ‘spyware’ does not require any type of action for its implementation and, once it has infected the device, it can send to remote servers microphone recordings, photographs from instant messaging platforms and geolocation data, as well as other user information stored on the mobile phone.

Kaspersky has stated that due to the nature of the closed iOS ecosystem, there are no standard operating system tools to detect and remove this spyware from affected phones, instead For this, it is necessary to reset the device.

Manzana has announced recently that it has fixed these vulnerabilities, which allowed cybercriminals to execute arbitrary code with kernel privileges or process web content for malicious purposes.

iOS 15.7.7 and iPadOS 15.7.7 they end with Triangulation without the need to reset the mobile device and lose all the information. Both are available for iPhones 6s, iPhone 7, iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation) and iPod Touch (7th generation).

The National Institute of Cybersecurity (Incibe) has launched an alert on these vulnerabilities, which it describes as importance 5 – criticalto urge users to update their devices as soon as possible.