【 以下文字转载自 NewExpress 讨论区 】
发信人: iwannabe (I wanna be), 信区: NewExpress
标  题: 原来这次宣传的网络攻击来自于苹果imessage啊
发信站: 水木社区 (Mon Oct 20 16:52:05 2025), 站内

Operation Triangulation is a real 0-click iMessage exploit chain using 4
zero-days (CVE-2023-41990, -32434, -38606, -32435) to install spyware on iOS
up to 16.2. Kaspersky discovered it in 2023 via infected employee devices and
internal monitoring; they reported to Apple, who patched but didn't pay a
bounty.

Attribution to US NSA is alleged by Russia's FSB but unconfirmed by Kaspersky
or independent sources—likely a state actor.

US banned Kaspersky in 2024 over security risks. The attack's sophistication
and costs align with claims; CVE-2023-38606 exploited obscure GPU hardware,
possibly via insider knowledge.

这个cve据说特别精巧，像是人工植入的。
--
FROM 111.55.204.*