iMessage vulnerability puts hundreds of millions of iPhones at risk

An iMessage vulnerability on older iPhones running iOS can be exploited by hackers to send malicious code and take control of the device.

Russian security firm Kaspersky said it accidentally discovered the vulnerability after some employees’ iPhones ran unusually slow and could not update to new iOS. The company then backed up the data of the suspected infected device and found evidence of malware intrusion. Kaspersky calls the vulnerability a “triangular campaign”.

Two older iPhone models in the hands of a user. Not updating iOS leaves the iPhone vulnerable to attacks. Photo: Reuters

Specifically, crooks will use iMessage to send messages with malicious code attached to the target iPhone. Malware can then get inside iOS without the user’s knowledge. After successful installation, they will “listen to commands” from remote hackers every time the device connects to the Internet.

Kaspersky said that when exploiting the vulnerability, the malware has unrestricted access to the iPhone and runs a series of commands to collect personal information, including microphone recordings, images from messengers and geolocation. Even deleted messages can be restored. After stealing data, the software will automatically delete traces, so it is difficult for users to detect that their iPhone is infected with malware.

The “Triangle Campaign” is estimated to have been active since 2019 and is still continuing to this day. Apple is said to be aware of the vulnerability and patch it, because only iPhone models running iOS 15.7 and earlier are vulnerable.

Apple this week said that more than 80% of iPhone users have updated to iOS 16, meaning the majority are no longer at risk of attack. However, with 1.36 billion active iPhones in the world, 258 million iPhone users could still be targeted.

The simple way to avoid the problem is to update to the latest iOS. However, with an infected device, the malware will block updates, so the only way is to restore the device’s factory settings.

Apple has not responded to Kaspersky’s report.


Vina Aspire is a consulting company, providing IT solutions and services, network security, information security & safety in Vietnam. Vina Aspire’s team includes skilled, qualified, experienced and reputable experts and collaborators, along with major domestic and foreign investors and partners to join hands in building.

Businesses and organizations wishing to contact Vina Aspire Company with the following information:

Email: | Website:
Tel: +84 944 004 666 | Fax: +84 28 3535 0668

Vina Aspire – Vững bảo mật, trọn niềm tin

Bài viết liên quan

About Us

Learn More

Vina Aspire is a leading Cyber Security & IT solution and service provider in Vietnam. Vina Aspire is built up by our excellent experts, collaborators with high-qualification and experiences and our international investors and partners. We have intellectual, ambitious people who are putting great effort to provide high quality products and services as well as creating values for customers and society.

may ao thun Kem sữa chua May o thun May o thun đồng phục Định cư Canada Dịch vụ kế ton trọn gi sản xuất đồ bộ
Translate »