iOS 17 problems on iPhone are nothing compared to Apple’s biggest vulnerability. Kasperky discovered Operation Triangulation.

For three months now, Apple has been dealing with serious bugs regarding the update of its operating system. iOS 17 has been having problems since its release. And it continues to do so even after the release of iOS 17.2.

Apple, here is the biggest vulnerability for iPhones – Sjbeez

In September the uprising of iPhone fans. It was quickly discovered that the titanium design did not pose the problem of iPhones overheating excessively, including mysterious night-time shutdowns. Instead it was all the fault of IOS 17 which conflicted with some third-party apps.

Many reports have still arrived after the iOS 17.2 update, which is causing battery performance problems and the inability to connect to your network provider. But this is nothing: Kasperky has discovered Apple’s biggest vulnerability, thanks to Operation Triangulation.

Kasperky and Operation Triangulation: control of the iPhone is lost and the information is stolen

While monitoring network traffic, the well-known Russian company specializing in the production of software designed for cybersecurity discovered a previously unknown mobile APT campaign targeting iOS devices, infected using zero-click exploits via the iMessage platform.

Kaspersky and the great discovery about Apple revealed with Operation Triangulation – photo source kaspersky.it – Sjbeez

The malware runs with root privileges, gaining complete control over the user’s device and data. Kasperaky himself called this campaign "Operation Triangulation". Attackers essentially send a malicious iMessage attachment, which the application processes without showing any signs to the user.

This attachment exploits the CVE-2023-41990 remote code execution vulnerability in the undocumented Apple-only ADJUST TrueType font statement. The consequences are highly harmful for iPhones in general: they allow you to gain control of the phone by stealing the information contained within them.

After exploiting all the vulnerabilities, the JavaScript exploit can do whatever it wants on the device, including running spyware. Kaspersky, in highlighting that there remain many unknowns surrounding the flaw, highlights that it has not been able to understand whether the flaw depends on Apple or on a third-party component such as ARM.

Apple, for its part, has ensured that the biggest vulnerability on its devices, iPhone first and foremost, has been resolved with iOS 16.2 released in December last year. As usual, it is recommended to update your terminal with the latest security patches.