An iMessage vulnerability on older iPhones running iOS can be exploited by hackers to send malicious code and take control of the device.
Russian security firm Kaspersky said it accidentally discovered the vulnerability after some employees’ iPhones ran unusually slow and could not update to new iOS. The company then backed up the data of the suspected infected device and found evidence of malware intrusion. Kaspersky calls the vulnerability a “triangular campaign”.
Two older iPhone models in the hands of a user. Not updating iOS leaves the iPhone vulnerable to attacks. Photo: Reuters
Specifically, crooks will use iMessage to send messages with malicious code attached to the target iPhone. Malware can then get inside iOS without the user’s knowledge. After successful installation, they will “listen to commands” from remote hackers every time the device connects to the Internet.
Kaspersky said that when exploiting the vulnerability, the malware has unrestricted access to the iPhone and runs a series of commands to collect personal information, including microphone recordings, images from messengers and geolocation. Even deleted messages can be restored. After stealing data, the software will automatically delete traces, so it is difficult for users to detect that their iPhone is infected with malware.
The “Triangle Campaign” is estimated to have been active since 2019 and is still continuing to this day. Apple is said to be aware of the vulnerability and patch it, because only iPhone models running iOS 15.7 and earlier are vulnerable.
Apple this week said that more than 80% of iPhone users have updated to iOS 16, meaning the majority are no longer at risk of attack. However, with 1.36 billion active iPhones in the world, 258 million iPhone users could still be targeted.
The simple way to avoid the problem is to update to the latest iOS. However, with an infected device, the malware will block updates, so the only way is to restore the device’s factory settings.
Apple has not responded to Kaspersky’s report.
Source: https://vnexpress.net/lo-hong-imessage-when-hang-tram-trieu-iphone-gap-nguy-4613099.html
Vina Aspire is a consulting company, providing IT solutions and services, network security, information security & safety in Vietnam. Vina Aspire’s team includes skilled, qualified, experienced and reputable experts and collaborators, along with major domestic and foreign investors and partners to join hands in building.
Businesses and organizations wishing to contact Vina Aspire Company with the following information:
Email: info@vina-aspire.com | Website: www.vina-aspire.com
Tel: +84 944 004 666 | Fax: +84 28 3535 0668
Vina Aspire – Vững bảo mật, trọn niềm tin
