Bypass Record

Exploitation for Priv-Esc × Apple iOS

A publicly reported instance of Exploitation for Priv-Esc bypassing Apple iOS, recorded with its original source. Factual record; no assessment of any specific deployment.

Product: Apple iOS
Technique: Exploitation for Priv-Esc
MITRE ATT&CK: T1068
Confidence: High
Severity: Critical
Status: In the wild
Disclosed: 2023-06-01
Config / version noted: Not stated

Provenance

Reported as

exploits multiple iOS vulnerabilities to execute code without user interaction

Mechanism

Attackers send an invisible iMessage with a malicious attachment that exploits multiple iOS vulnerabilities to execute code without user interaction. The spyware then installs covertly, disabling iOS updates to maintain persistence, and exfiltrates data to remote servers.

Detection & mitigation

Use a SIEM to monitor network traffic for anomalous connections from iOS devices. Check whether iOS updates have been disabled, which is an indirect indicator. Use backup analysis tools to detect spyware artifacts.

This is a record of a publicly reported event, not an assessment of any specific organization's deployment. Detection and mitigation notes are drawn from the cited source. Where the source is silent, fields are omitted.