iOS 16.5
Lookout Coverage and Recommendation for Admins
Lookout provides multilayered protection for devices that are exploitable through multiple vectors and could be compromised. To ensure your devices aren't exposed through the vulnerabilities in iOS 16.5 and earlier, Lookout admins should set default OS Out of Date policy to have a minimum iOS version of 16.5.1 for applicable models. iOS 15.7.7 also has the fixes. They can then choose whether to alert the user that the device is out of compliance or block access to enterprise resources until iOS is updated.
In addition to requiring a minimum OS, admins should enable Lookout Phishing & Content Protection (PCP) to protect mobile users tfrom malicious phishing campaigns that are built to exploit these vulnerabilities in order to phish credentials or deliver malicious apps to the device. Finally, Lookout will detect if an attacker is successfully able to compromise the device at the OS level.
CISA is requiring all government organizations to update to the patched version of these apps by July 14th, 2023.
Overview
Apple released two new iOS versions, iOS 16.5.1 and iOS 15.7.7, last week. In a recently released Lookout threat guidance for Operation Triangulation, we described the severity of the Triangulation malware. The malware is designed to be delivered using invisible iMessage texts by attaching a malicious file that exploits OS-level vulnerabilities of iOS without needing any user action. We also noted that iOS 15.7 is the latest OS version that was successfully compromised, and there are no indications of the exploits working in more recent iOS versions. The two vulnerabilities listed below are fixed in iOS 16.5.1 and in iOS 15.7.7
- CVE-2023-32434 - allows a malicious app to execute binary code with kernel privileges
- CVE-2023-32439 - uses maliciously crafted web content to execute arbitrary code
Apple is aware of reports where these vulnerabilities are exploited in the wild, as described above. 15.7.7 also fixed CVE-2023-32435, a WebKit vulnerability that may lead to executing arbitrary code by processing webpages.
Lookout Analysis
Lookout shared the analysis of Operation triangulation in a recently released threat guidance. The reports of attacks have mostly been limited to iOS 15.7 and earlier. However, since the exploited vulnerabilities still exist in the later versions, it is only a matter of time till the attackers catch up on the versions of series 16 as well. Apple released the patch to fix these in 16.5.1 and 15.7.7. Using the Out of Date OS policy and ensuring that devices have auto-update enabled will help protect the devices.
Further, domains are associated with this attack’s malicious activity and additional ones for executing commands for collection. These can be blocked by ensuring Lookout’s PCP module is in place and actively protecting the devices. Aside from a version release, the vulnerabilities also made it into the list of CISA guidelines for government agencies to patch by July 14th, 2023.