An iMessage vulnerability on iPhones running older iOS can be exploited by hackers to send malicious code and take control of the device. Russian security firm Kaspersky said it had accidentally discovered the vulnerability after some employees’ iPhones ran unusually slow and could not update to new iOS. The company then backed up the data of the suspected virus device and found evidence of a malware intrusion. Kaspersky calls the vulnerability “operation triangle”. Specifically, crooks will use iMessage to send messages with malicious code to the target iPhone. Malware can then get inside iOS without the user’s knowledge. After successful installation, they will “listen” to the remote hacker every time the device connects to the Internet. Kaspersky said that when exploiting the vulnerability, malicious code gained unrestricted access to iPhones and ran a series of commands to collect personal information, including microphone recordings, images from messengers and geolocation. Even deleted messages can be recovered. After stealing data, the software will automatically delete traces, so it is difficult for users to detect that their iPhone is infected with malicious code. “Operation triangle” is estimated to have been active since 2019 and continues to this day. Apple is said to have known the vulnerability and patched it, as only iPhone models running iOS 15.7 and earlier are vulnerable. Apple this week said (more than 80%)(https://vnexpress.net/so-hoa/hon-80-iphone-da-cap-nhat-len-ios-16-4609288.html) iPhone users have updated iOS 16 update, which means most are no longer at risk of attack. However, with 1.36 billion iPhones active in the world, 258 million iPhone users could still be targeted. The simple way to avoid the problem is to update to the latest iOS. However, with an infected machine, the malicious code will block the update, so the only way is to factory reset the machine. Apple has not yet responded to Kaspersky’s report.