Apple has patched a third actively exploited zero day in five weeks – all three reported to it by Kaspersky, which is investigating a campaign first identified in June when the Russian security company’s iOS devices were hacked.
The vulnerability, allocated CVE-2023-38606, was fixed as part of Apple’s July 24 security updates. Kaspersky says it was used as part of a zero-click exploit chain that it first detailed in early June – calling it “Operation Triangulation”.
It also earlier reported Apple vulnerabilities tracked as CVE-2023-32434 and CVE-2023-32435 which it believes were used to breach devices since 2019.
“Apple has addressed one more kernel vulnerability discovered by Kaspersky researchers during the investigation of the Operation Triangulation attack,” Kaspersky said Tuesday. “This zero-day vulnerability CVE-2023-38606 was part of the discovered zero-click exploit chain. It affected a wide range of Apple products – iPhones, iPods, iPads, macOS devices, Apple TV and Apple Watch. Patching is available as part of the Apple Security Updates release as of July 24, 2023, and we highly recommend users to update their devices.”
Apple zero days spotted after Kaspersky devices hit
Kaspersky first spotted suspicious activity “while monitoring the network traffic of our own corporate Wi-Fi network dedicated for mobile devices” using its own tools, it said on June 1, attempting in an initial blogpost to break down what appeared to have been a highly sophisticated attack.
Russia's FSB security agency subsequently claimed, without providing evidence, that “thousands” of iPhones had been infected not just within the Russian government but “staff from the embassies of Israel, China, and several NATO member nations in Russia” – and alleged that the attacks were the result of “close cooperation” between US intelligence and Apple.
The latter responded that “we have never worked with any government to insert a backdoor into any Apple product and never will.”
Apple described the vulnerability on June 24 as: “An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1…This issue was addressed with improved state management.”
It did not share details on what constitutes “improved state management.”
Kaspersky Lab’s Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin, Leonid Bezvershenko, and Boris Larin were credited.