Kaspersky is reporting a zero-click iOS exploit in the wild:
Mobile device backups contain a partial copy of the filesystem, including some of the user data and service databases. The timestamps of the files, folders and the database records allow to roughly reconstruct the events happening to the device. The mvt-ios utility produces a sorted timeline of events into a file called “timeline.csv,” similar to a super-timeline used by conventional digital forensic tools.
Using this timeline, we were able to identify specific artifacts that indicate the compromise. This allowed to move the research forward, and to reconstruct the general infection sequence:
The target iOS device receives a message via the iMessage service, with an attachment containing an exploit.
Without any user interaction, the message triggers a vulnerability that leads to code execution.
The code within the exploit downloads several subsequent stages from the C&C server, that include additional exploits for privilege escalation.
After successful exploitation, a final payload is downloaded from the C&C server, that is a fully-featured APT platform.
The initial message and the exploit in the attachment is deleted
The malicious toolset does not support persistence, most likely due to the limitations of the OS. The timelines of multiple devices indicate that they may be reinfected after rebooting. The oldest traces of infection that we discovered happened in 2019. As of the time of writing in June 2023, the attack is ongoing, and the most recent version of the devices successfully targeted is iOS 15.7.
No attribution as of yet.
More Stories
Moldovan Behind E-Root Marketplace Gets US Federal Prison Term
Sandu Boris Diaconu was involved in conspiracy to commit access device and computer fraud Read More
FCC Agrees to Cyber Trust Mark for IoT Products
The voluntary FCC program will allow smart device manufacturers to demonstrate to consumers that their product has met robust cybersecurity...
Over 50,000 Vulnerabilities Discovered in DoD Systems Through Bug Bounty Program
Seven years into its ethical hacking program, the Pentagon received its 50,000th vulnerability report on March 15 Read More
Three New Critical Vulnerabilities Uncovered in Argo
The flaws, identified by KTrust, enable attackers to bypass rate limits and brute force protection mechanisms Read More
Fujitsu hack raises questions, after firm confirms customer data breach
Fujitsu has warned that cybercriminals may have stolen files with personal and customer data after it discovering malware on its...
Microsoft: 87% of UK Organizations Vulnerable to Costly Cyber-Attacks
A Microsoft report found that 87% of UK organizations are either vulnerable or at high-risk of cyber-attacks, and urged investment...