Kaspersky's Global Research and Analysis Team (GReAT) has uncovered a previously unknown hardware vulnerability in Apple iPhones that played a pivotal role in the Operation Triangulation campaign.
This vulnerability in Apple's System on a Chip (SoC) allowed attackers to bypass hardware-based memory protection on iPhones running iOS versions up to iOS 16.6. The underlying hardware feature, possibly intended for testing or debugging, was exploited by attackers to manipulate protected memory regions, leading to full control over the device.
Apple has since addressed the issue, identified as CVE-2023-38606.
The hardware feature, not publicly documented and possibly based on "security through obscurity," posed a significant challenge for detection and analysis due to the closed nature of the iOS ecosystem.
Kaspersky's researchers engaged in extensive reverse engineering, examining the iPhone's hardware and software integration, particularly focusing on critical Memory-Mapped I/O (MMIO) addresses. The team discovered unknown MMIO addresses used by attackers to bypass hardware-based kernel memory protection.
Operation Triangulation is an Advanced Persistent Threat (APT) campaign targeting iOS devices that uses zero-click exploits distributed via iMessage.
Kaspersky recommends that users regularly update their operating systems, applications, and antivirus software to patch known vulnerabilities, and that organizations provide their security teams with the latest threat intelligence and upskill them to combat evolving cyber threats.