From infosecurity-magazine.com
Russian AV vendor Kaspersky has claimed that iOS devices on its network are being targeted by sophisticated zero-day exploits.
The firm revealed in a blog post yesterday that “Operation Triangulation” likely dates back to 2019 and is ongoing.
“While monitoring the network traffic of our own corporate Wi-Fi network dedicated for mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), we noticed suspicious activity that originated from several iOS-based phones,” it explained.
“Since it is impossible to inspect modern iOS devices from the inside, we created offline backups of the devices in question, inspected them using the Mobile Verification Toolkit’s mvt-ios and discovered traces of compromise.”
The mvt-ios utility produced a timeline of events that enabled Kaspersky to recreate what happened.
It appears that targeted devices were sent an iMessage featuring an attachment containing the exploit. This triggered a vulnerability leading to code execution, without requiring any user interaction – known as a “zero-click” attack.