01:21
Reddit blocks all search engines except Google as it implements AI paywall
01:21
OpenAI unveils SearchGPT, a new AI-powered search engine
18:24
Apple to release ultra-slim iPhone 17 with single rear camera
00:40
Tesla to have humanoid robots for internal use next year, Musk says
00:38
WhatsApp to introduce AirDrop-like feature for iPhone users
02:04
Apple continues AI innovation with new open-source language models
01:21
Reddit blocks all search engines except Google as it implements AI paywall
01:21
OpenAI unveils SearchGPT, a new AI-powered search engine
18:24
Apple to release ultra-slim iPhone 17 with single rear camera
00:40
Tesla to have humanoid robots for internal use next year, Musk says
00:38
WhatsApp to introduce AirDrop-like feature for iPhone users
02:04
Apple continues AI innovation with new open-source language models
01:21
Reddit blocks all search engines except Google as it implements AI paywall
01:21
OpenAI unveils SearchGPT, a new AI-powered search engine
18:24
Apple to release ultra-slim iPhone 17 with single rear camera
00:40
Tesla to have humanoid robots for internal use next year, Musk says
00:38
WhatsApp to introduce AirDrop-like feature for iPhone users
02:04
Apple continues AI innovation with new open-source language models
01:21
Reddit blocks all search engines except Google as it implements AI paywall
01:21
OpenAI unveils SearchGPT, a new AI-powered search engine
18:24
Apple to release ultra-slim iPhone 17 with single rear camera
00:40
Tesla to have humanoid robots for internal use next year, Musk says
00:38
WhatsApp to introduce AirDrop-like feature for iPhone users
02:04
Apple continues AI innovation with new open-source language models
Kaspersky's Global Research and Analysis Team (GReAT) has uncovered a previously unknown hardware vulnerability in Apple iPhones that played a pivotal role in the Operation Triangulation campaign.
This vulnerability in Apple's System on a chip (or SoC) allowed attackers to bypass hardware-based memory protection on iPhones running iOS versions up to iOS 16.6. The vulnerability, possibly designed for testing or debugging, was exploited by attackers to manipulate protected memory regions, leading to full control over the device.
Apple has since addressed the issue, identified as CVE-2023-38606.
The hardware feature, not publicly documented and possibly based on "security through obscurity," posed a significant challenge for detection and analysis due to the closed nature of the iOS ecosystem.
Kaspersky's researchers engaged in extensive reverse engineering, examining the iPhone's hardware and software integration, particularly focusing on critical Memory-Mapped I/O (MMIO) addresses. The team discovered unknown MMIO addresses used by attackers to bypass hardware-based kernel memory protection.
The operation, known as "Operation Triangulation," is an Advanced Persistent Threat (APT) campaign targeting iOS devices, utilizing zero-click exploits distributed via iMessage.
Kaspersky recommends users regularly update their operating systems, applications, and antivirus software to patch known vulnerabilities, while also providing security teams with the latest threat intelligence and upskilling them to combat evolving cyber threats.
Editor’s pick
