Operation Triangulation: Zero-Click iPhone Malware

Kaspersky is reporting a zero-click iOS exploit in the wild:

Mobile device backups contain a partial copy of the filesystem, including some of the user data and service databases. The timestamps of the files, folders and the database records allow to roughly reconstruct the events happening to the device. The mvt-ios utility produces a sorted timeline of events into a file called “timeline.csv,” similar to a super-timeline used by conventional digital forensic tools.

Using this timeline, we were able to …

backups click copy data database databases device events exploit exploit in the wild exploits files filesystem folders forensics ios iphone iphone malware kaspersky malware mobile mobile device operation triangulation partial reporting service triangulation user data utility zero-click