Herr Bischoff

Operation Triangulation

Kaspersky found a new zero-click exploit for iOS:

While monitoring the network traffic of our own corporate Wi-Fi network using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), we discovered a previously unknown mobile APT campaign targeting iOS devices. The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data. We are calling this campaign “Operation Triangulation”.

iMessage appears to be the most common infection vector for iOS devices. To the best of my knowledge, iMessage validates phone numbers with carriers. Wouldn’t the obvious solution to repelling a whole class of attacks be to restrict attachments?

Offer users a way to allow them exclusively from known contacts and/or severely restrict the allowed attachment types. Much like Apple’s own Lockdown Mode:

Most message attachment types are blocked, other than certain images, video, and audio. Some features, such as links and link previews, are unavailable.

I’d like to permanently disable link previews and other leaky stuff anyway.