According to Kaspersky, the message triggers a vulnerability that leads to code execution, and the code within the exploit downloads several subsequent stages from the command-and-control server that include additional exploits for privilege escalation.

After successful exploitation, a final payload is downloaded from the C&C server, which Kaspersky calls a “fully featured APT platform.” The initial message and the exploit in the attachment is then deleted.

How Kaspersky discovered the exploit

Researchers for Kaspersky, which is the subject of a federal government ban and potential enforcement actions due to its alleged ties to the Russian government, say the company was monitoring network traffic of its own corporate WiFi network dedicated for mobile devices when they noticed suspicious activity coming from iOS devices.

“Since it is impossible to inspect modern iOS devices from the inside, we created offline backups of the devices in question, inspected them using the Mobile Verification Toolkit’s mvt-ios and discovered traces of compromise,” researchers say.

The company says its mobile device backups provided a partial copy of the filesystem, including some user data and service databases. Timestamps of files, folders and the database records helped the company reconstruct the events leading to compromise.

According to Kaspersky, the malicious toolset does not support persistence, likely due to the limitations of the operating system.

Based on timelines of infected devices, devices may be reinfected after being rebooted.

The oldest traces of infection discovered by researchers happened in 2019, and the attack is ongoing, as the most recent version of devices successfully targeted is iOS15.7, which was released in September 2022.

While analysis of the final payload is not finished yet, Kaspersky researchers say the code is run with root privileges, implements a set of commands for collecting system and user information, and can run arbitrary code downloaded as plugin modules from the C&C server.

Disabling iMessage would prevent iOS devices from compromise, the company says.

The vulnerabilities used, while not disclosed in the Kaspersky blog, were apparently zero days before they were patched in February.

Who is behind these attacks?

Kaspersky (neither the company nor the CEO of the same name) did not attribute the attacks to any specific group, but Russia’s Federal Security Service (FSB) in a separate statement (which didn’t specifically mention the Kaspersky report) accused the U.S. National Security Agency and Apple of having a “close cooperation” to spy on Russian diplomats.

In a statement provided to Reuters and other media outlets, Apple denied the claims, saying the company has “never worked with any government to insert a backdoor into any Apple product and never will.”

In a series of Tweets, CEO Eugene Kaspersky says successful exploitation can result in transmitting private information, including microphone recordings, photos from instant messages, geolocation and data about a number of other activities.

We’ve discovered a new cyberattack against iOS called Triangulation.

The attack starts with iMessage with a malicious attachment, which, using a number of vulnerabilities in iOS installs spyware. No user action is required.#IOSTriangulation pic.twitter.com/daxEYZwXwD

— Eugene Kaspersky (@e_kaspersky) June 1, 2023

The spyware infected “several dozen iPhones” of Kaspersky employees, but the CEO says the threat has been neutralized and the company is now operating normally.

In other Tweets, Kaspersky says the campaign is not related to other iOS attacks, such as Pegasus, Predator, or Reign. In addition, the Russia-based cybersecurity firm was not the main target of the attacks, the CEO says.

The company calls this campaign “Operation Triangulation” and has set up a webpage containing all related information. The company is asking anyone with additional details to contact the company at triangulation[at]kaspersky.com.

How to find out if you’ve been affected by Operation Triangulation

Kaspersky on Friday released a tool designed to automate the process of checking iOS device backups for possible indicators of compromise.

This article has been updated on June 2, 2023 to reflect a statement from Apple. 

The post Kaspersky Discovers New 0-Click iOS Exploit appeared first on My TechDecisions.

According to OpenAI, the ChatGPT app syncs a user’s chat history across devices and integrates Whisper, the company’s open-source speech-recognition system, allowing users to prompt ChatGPT with their voices.

The mobile app also gives subscribers to ChatGPT Plus–OpenAI’s $20 subscription plan–exclusive access to GPT-4’s capabilities, early access to features and faster response times on iOS devices, the company says.

While the launch of the ChatGPT mobile app is beginning with iOS users, the company says an app for Android devices will be coming soon.

The iOS app offers essentially the same functionality as using ChatGPT from the OpenAI website, including instant answers, tailored advice, text generation, professional assistance and learning opportunities, the company says.

OpenAI will begin the rollout of the generative chatbot iOS app in the U.S., with expansion to additional countries to come in the following weeks.

“With the ChatGPT app for iOS, we’re taking another step towards our mission by transforming state-of-the-art research into useful tools that empower people, while continuously making them more accessible,” the company says in a blog post.

OpenAI’s release of the ChatGPT app for iOS comes amid a wave of new features and updates from OpenAI designed to make ChatGPT more secure and safe, including new data control tools and a teased business subscription package designed to give organizations more control over their data.

With this new way of accessing ChatGPT, organizations may need to further educate and train employees on the use cases and capabilities of ChatGPT and other generative AI, as well as enact other policies around its usage for business purposes as data security has become an issue.

Read our guide, “ChatGPT and Generative AI in the Workplace,” for more information on how to manage the use of ChatGPT and generative AI.

The post OpenAI Launches ChatGPT App for iOS appeared first on My TechDecisions.

Apple released the update Monday through its Rapid Security Response update program, urging all users of iOS devices to apply the iOS Security Response 16.4.1 (a) update.

“This Rapid Security Response provides important security fixes and is recommended for all users,” Apple says of the update.

Apple has been silent on what vulnerabilities this update fixes, but it must be important, as the Rapid Security Response program is designed to fix vulnerabilities without having to issue a full software update.

However, no new CVE has appeared on its security update page, and a notice along with the update doesn’t detail anything about the issues it is fixing.

According to Apple, these kind of updates could provide security improvements in Safari, the WebKit framework, or other critical system libraries. They could also be used to mitigate zero day vulnerabilities or in-the-wild bugs.

The company says Rapid Security Responses are delivered only for latest versions of iOS, iPadOS and macOS. Devices should allow these updates to be applied automatically and should prompt users to restart their devices.

However, some users on Twitter reported on Monday getting an error message when trying to apply the updates. I tested it out myself Tuesday morning and the update was successful, but had to do so manually even though I had automatic updates enabled. Since this is a new deployment model, there might be some kinks Apple has to work out.

Like other software updates, users can navigate to Settings>General>Software Update to apply the Rapid Security Response. Doing so can also allow users to make sure that automatic updates for Rapid Security Response updates are turned on.

Users can opt out of Rapid Security Response updates and instead receive fixes or mitigations when they’re included in full software updates.

Admins should consult this Apple support document about how to manage Rapid Security Responses on Apple devices.

The post Why You Shouldn’t Ignore Apple’s iOS Rapid Security Response Update appeared first on My TechDecisions.

Microsoft 365 outage

Multiple Microsoft 365 services were down Wednesday in what Microsoft say was an issue called by a networking change. Services such as Outlook, Teams and others were inaccessible to users early Wednesday morning.

The company said it identified a networking issue and rolled back a networking configuration change. According to a Reuters report, this affected uses around the world, with services impacted in Americas, Europe, Asia Pacific, Middle East and Africa.

Read the Reuters report for more information.

Microsoft to shut down AltspaceVR

Microsoft is shutting down its social virtual reality platform, AltSpaceVR, on March 10, due to a desire to focus on Mesh, the mixed reality platform that Microsoft wants to grow and turn into a VR communication platform for commercial customers.

“We look forward to what is to come, including our launch of Microsoft Mesh, a new platform for connection and collaboration, starting by enabling workplaces around the world,” the company said in a blog. “In the near-term, we are focusing our VR efforts on workplace experiences, learning from and alongside our early customers and partners, and ensuring we deliver a foundation that enables security, trust and compliance. Over time, we hope to extend to consumer experience a well.”

Read Microsoft’s blog for more information.

DOJ takes down Hive Ransomware

The U.S. Department of Justice says it has undergone a months-long disruption campaign against the Hive ransomware group that has targeted more than 1,500 victims in over 80 countries around the world.

According to the DOJ, the FBI since July 2022 has penetrated the organization’s computer networks, captured decryption keys and offered them to global victims. That saved victims from having to pay $130 million in ransom demands. Law enforcement has provided over 300 decryption keys to Hive victims who were under attack and has distributed over 1,000 other decryption keys to previous victims.

Read the DOJ announcement for more information.

Beware of malicious use of RMM software

Several U.S. agencies are warning of an uptick in cyber campaigns involving the malicious use of remote monitoring and management software, with one particular campaign using phishing emails that led to the download of ScreenConnect and AnyDesk to steal money from victim bank accounts.

While financially motivated, these attacks can lead to other activity, such as selling initial access to other cybercrime organizations. Legitimate RMM software is often used by threat actors to mask their activities and maintain persistence in a victim’s environment, the advisory warns.

Read the advisory for more information.

iOS 16.3 and hardware security keys

Apple has rolled out iOS 16.3, and the new operating system for iPhones and iPads features support for physical security keys for Apple IDs.

This allows users to use third-party security keys instead of two-factor authentication for their Apple ID. The feature will only work with security keys certified by the FIDO Alliance, such as keys from YubiKey or FEITAN.

Read this Apple support document for more information.

The post This Week in IT: Microsoft Outage, VR, Cyberattacks, iOS 16.3 appeared first on My TechDecisions.

This brings the collaborative and assistive features in Google Workplace to Microsoft Office files when using iOS devices like MacBooks, iPads and iPhones. The feature is already available on the web and Android devices.

According to Google, this now allows users to edit, comment and collaborate on Microsoft Office files using real-time collaboration tools in Google Docs, Sheets, Slides.

It makes it easier for Google users to open and edit files from Office that were shared by partners, vendors, coworkers or others and helps solve file-sharing problems when using different operating systems and communication platforms.

This also expands sharing options, improves sharing controls and reduces the need to download and email file attachments while streamlining workflows by reducing the need to convert file types.

Read Next: Google Rebrands G Suite as Google Workspace

In a blog, Google said, “Office editing will replace Quickoffice (sometimes known as Office Compatibility Mode), which has more limited functionality and collaboration capabilities.”

The feature is available for users of Google Workplace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, and Enterprise Plus as well as G Suite Basic, Business, Education, Enterprise for Education, and Nonprofits customers as well as personal Google accounts.

Supported file formats include .doc, .docx, .dot, .xls, .xlsx, .xlsm, .xlt, macro-enabled Excel files, .ppt, .pptx, .pps and .pot.

To add an Office file to Google drivers, users will go to .drive.google.com, select New > File upload and choose the file they want to upload.

For system administrators, Google published a guide to help set up Office editing.

In October, Google announced the rebrand of G Suite to Google Workspace as the company aims for a deeper integration of its core tools into a single unified experience.

The post Google Brings Microsoft Office Editing to iOS appeared first on My TechDecisions.