On June 24th, Gizcoupon reported that it was previously reported that Apple iOS 15.7 and earlier versions had a vulnerability known as Triangulation. This vulnerability allowed attackers to spread malware through iMessage. Apple has now released updates that fix this Triangulation vulnerability.
The specific system versions are as follows:
- iOS/iPadOS 16.5.1/15.7.7
- macOS Ventura 13.4.1
- watchOS 8.8.1 (which only addresses the CVE-2023-32434 vulnerability)
Gizcoupon has noted a vulnerability named CVE-2023-32434. It is an integer overflow vulnerability affecting the system kernel. This flaw can enable malicious Trojan horses to execute arbitrary code with kernel privileges.
Another vulnerability, CVE-2023-32439, exists in the Safari browser engine WebKit and involves a type of confusion vulnerability. It allows attackers to send web page links to deceive users into clicking and accessing them, thereby executing malicious code hidden within the web page.
Furthermore, Kaspersky has recently released a detection tool. It can help users and enterprises check if their iPhones are infected with malware. However, due to the closed nature of the Apple iOS system, users cannot directly connect their phones to a computer and open the software to scan the device itself. They must manually connect their iPhones to a computer and back up the data to the local storage before using the detection tool to analyze the iPhone files stored in the backup.