The United States Cybersecurity and Infrastructure Security Agency (CISA) has made public six more vulnerabilities that are currently being exploited. This list includes three from Apple (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439), two from VMware (CVE-2023-20867 and CVE-2023-20887), and one impacting Zyxel devices (CVE-2023-27992).
The triangulation operation
Among these vulnerabilities, CVE-2023-32434 and CVE-2023-32435, both permitting code execution, are known to have been exploited since 2019 in a major cyber-espionage operation dubbed ‘Operation Triangulation’. The operation uses spyware named TriangleDB to extract a wide range of information from targeted devices.
The attack starts with an iMessage, carrying an attachment, sent to the victim. The attachment executes the payload automatically, without any user interaction. Kaspersky, the cybersecurity firm that originally reported the operation, explained that the malicious message is malformed and does not trigger any alerts for the user.
Exploited vulnerabilities beyond the newly added ones
CVE-2023-32434 and CVE-2023-32435 are among several iOS vulnerabilities exploited in the espionage attack. Another was CVE-2022-46690, a high-severity issue that Apple patched in December 2022.
Future threats and precautionary measures
Kaspersky warned that TriangleDB contains unused features that could target macOS and access the device’s microphone, camera, and address book. Federal Civilian Executive Branch (FCEB) agencies are advised to apply vendor-provided patches immediately to secure their networks against potential threats.
In another development, CISA has issued an alert about three vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition. It’s the second time in less than six months that patches have been released to resolve similar issues in BIND9 that could cause DoS and system failures.