U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog

June 24, 2023 | Ravi Lakshmanan | Threat Intel / Zero Day


Citing evidence of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency has collectively added six flaws to its Known Exploited Vulnerabilities (KEV) catalog.

This includes three vulnerabilities that Apple patched this week (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439), two VMware flaws (CVE-2023-20867 and CVE-2023-20887), and one flaw affecting Zyxel devices (CVE-2023-27992).

CVE-2023-32434 and CVE-2023-32435, both of which allow code execution, are said to have been exploited as zero-days to deploy spyware as part of a multi-year cyber espionage campaign that began in 2019.


Dubbed “Operation Triangulation,” the activity culminates in the deployment of TriangleDB, an implant designed to collect a wide range of information from compromised devices: creating, modifying, deleting, and stealing files, listing and terminating processes, collecting credentials from iCloud Keychain, and tracking the user’s location.

The attack chain begins with the targeted victim receiving an iMessage with an attachment. This automatically triggers payload execution without any interaction required, making it a zero-click exploit.

“Malicious messages are malformed and do not trigger warnings or notifications to [the] users,” Kaspersky noted in its initial report.

CVE-2023-32434 and CVE-2023-32435 are two of the many iOS vulnerabilities exploited in the spyware attacks. Another is CVE-2022-46690, a high-severity out-of-bounds write issue in IOMobileFrameBuffer that can be weaponized by a rogue app to execute arbitrary code with kernel privileges.

This weakness was fixed by Apple in December 2022 with improved input validation.

Kaspersky flagged TriangleDB as containing unused features that refer to macOS, as well as permission requests for access to the device’s microphone, camera, and address book, which it said could be put to use in the future.

The Russian cybersecurity firm’s investigation into Operation Triangulation began earlier this year, when it detected a breach of its own corporate network.

Given the active exploitation, Federal Civilian Executive Branch (FCEB) agencies are encouraged to apply vendor-provided patches to protect their networks from potential threats.
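A KEV addition is actionable only once it is cross-referenced against what is actually deployed. The following added example (not part of the original article or of CISA's tooling) takes a constructed feed fragment covering the six CVEs named above, laid out like CISA's KEV JSON (field names such as `cveID` and `dueDate` are assumed; the dates are placeholders), and reports which inventoried hosts still carry an unremediated KEV entry and whether its remediation date has passed.

```python
import json
from datetime import date

# Constructed KEV-style feed fragment for the six CVEs in the article.
# Field names follow the layout of CISA's KEV JSON feed (assumed);
# dateAdded/dueDate values are placeholders, not the catalog's real dates.
KEV_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2023-32434", "vendorProject": "Apple", "dateAdded": "2023-06-23", "dueDate": "2023-07-14"},
    {"cveID": "CVE-2023-32435", "vendorProject": "Apple", "dateAdded": "2023-06-23", "dueDate": "2023-07-14"},
    {"cveID": "CVE-2023-32439", "vendorProject": "Apple", "dateAdded": "2023-06-23", "dueDate": "2023-07-14"},
    {"cveID": "CVE-2023-20867", "vendorProject": "VMware", "dateAdded": "2023-06-23", "dueDate": "2023-07-14"},
    {"cveID": "CVE-2023-20887", "vendorProject": "VMware", "dateAdded": "2023-06-23", "dueDate": "2023-07-14"},
    {"cveID": "CVE-2023-27992", "vendorProject": "Zyxel", "dateAdded": "2023-06-23", "dueDate": "2023-07-14"},
]})

# Constructed asset inventory (hypothetical hosts): which KEV CVEs apply to
# each host per the vendor advisory, and which ones have already been patched.
INVENTORY = {
    "ios-fleet": {"affected": ["CVE-2023-32434", "CVE-2023-32435", "CVE-2023-32439"],
                  "patched": ["CVE-2023-32434", "CVE-2023-32435"]},
    "esxi-01": {"affected": ["CVE-2023-20867"], "patched": []},
    "nas-edge": {"affected": ["CVE-2023-27992"], "patched": ["CVE-2023-27992"]},
}


def kev_gaps(feed_json: str, inventory: dict, today: date) -> list:
    """Return one record per (host, CVE) that is in KEV, applies to the host,
    and is not yet patched; overdue is True when today is past dueDate.
    Overdue items sort first so they land at the top of a remediation queue."""
    kev = {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}
    gaps = []
    for host, info in inventory.items():
        for cve in info["affected"]:
            entry = kev.get(cve)
            if entry is None or cve in info["patched"]:
                continue
            due = date.fromisoformat(entry["dueDate"])
            gaps.append({"host": host, "cve": cve, "vendor": entry["vendorProject"],
                         "due": entry["dueDate"], "overdue": today > due})
    return sorted(gaps, key=lambda g: (not g["overdue"], g["host"], g["cve"]))


if __name__ == "__main__":
    for gap in kev_gaps(KEV_FEED, INVENTORY, date(2023, 7, 20)):
        flag = "OVERDUE" if gap["overdue"] else "open"
        print(f"{flag:8} {gap['host']:10} {gap['cve']} ({gap['vendor']}, due {gap['due']})")
```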

This development follows CISA’s warning that the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite has three bugs that could lead to a Denial of Service (DoS) condition.

The flaws – CVE-2023-2828, CVE-2023-2829, and CVE-2023-2911 (CVSS score: 7.5) – could be exploited remotely, causing the named BIND 9 service to exit unexpectedly or to exhaust all available memory on the host running named, resulting in a DoS.

This is the second time in six months that the Internet Systems Consortium (ISC) has released a patch that addresses similar issues in BIND9 that can cause DoS and system failures.
