Spyware Bug Squashed in iOS 15.8 on Older iPhones

Users of older iPhones and iPads still running iOS 15 are instructed to install a software update meant to address a weakness exploited in spyware attacks.

The Kernel flaw, tracked as CVE-2023-32434, can be used to “execute arbitrary code with kernel privileges,” meaning an attacker can run their code of choice on the target device, including malware.

Apple addressed the issue in June across most of its user base, but the weakness remains exploitable on devices running any iOS version older than 15.7.

“Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7,” according to the advisory.

iOS 15.8 plugs the hole starting with iPhone 6S and newer, while iPadOS 15.8 secures all iTablets past iPad Air 2 against this weakness.

The vulnerability is known to have been exploited in zero-click attacks through iMessage, with no interaction from the victim to achieve infection.

In June, the hacking campaign got the name “Operation Triangulation," with the malware itself named “TriangleDB.”

While most attacks on Apple platforms are highly targeted, it’s important to deploy the latest security patch issued by the vendor as soon as possible. Consider using a dedicated security solution on your Mac or iPhone as well.