Source: Bleeping Computer
Summary
On June 23, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to patch vulnerabilities in iOS that allow attackers to install malware on iPhones via an iMessage zero-click exploit.
The order comes several weeks after the Russian Ministry of Foreign Affairs and the Federal Security Service (FSB) accused Apple of colluding with the US National Security Agency (NSA) to compromise thousands of iPhones belonging to users in Russia and associated with foreign embassies in Moscow.
The vulnerabilities were originally identified by Russia-based cybersecurity firm Kaspersky while it was investigating a previously unknown mobile advanced persistent threat (APT) campaign targeting iOS devices on its own network. The attacks started in 2019 and are still ongoing.
Analysis
Field Effect has not detected any exploitation of these iOS vulnerabilities in the wild, outside of the previously identified victims in Russia. This indicates that the ability to exploit these vulnerabilities is likely limited to one or very few threat actors, possibly Western intelligence agencies, based on the targeting of Russian users.
CISA has likely issued this order as a preventative measure to ensure devices are patched before another threat actor reverse engineers the patch and develops its own exploit.
Mitigation
Field Effect’s elite team of Security Intelligence professionals constantly monitors the cyber threat landscape for vulnerabilities discovered in software such as Apple’s iOS. This research contributes to the timely deployment of signatures into Covalence to detect and mitigate the exploitation of these vulnerabilities. Covalence users are automatically notified when vulnerable software is detected in their environment and are encouraged to review these AROs as quickly as possible.
Field Effect strongly encourages users of Apple devices to update to the latest version of iOS as soon as possible.