Unknown vulnerability discovered in iPhones

Attack APT was discovered by Kaspersky in mid-2023. The new vulnerability allows attackers to bypass memory protection in iOS 16.6 or earlier.

Kaspersky Global Research and Analysis Team (GReAT) reveals a previously unknown hardware vulnerability in iPhones, which has played a key role in the latest espionage campaign attacks Operation Triangulation an advanced persistent threat (APT) that targets Apple devices and was discovered by a cybersecurity firm in mid-2023. This vulnerability allows attackers to bypass memory protection on iPhones running iOS 16.6 or earlier.

This vulnerability is a hardware feature, likely based on the principle of security through obscurity, and may have been designed for testing or debugging purposes. After an initial attack on iMessage and gaining access permission, attackers use this hardware functionality to bypass security protections and manipulate the contents of protected memory areas. This step was crucial for full control of the device. Apple has already patched this vulnerability and identified it such as CVE-2023-38606.

In accordance with Kaspersky, vulnerability was not yet publicly documented, which poses a challenge for its detection and analysis by conventional security methods. GReAT researchers performed detailed reverse engineering, carefully analyzing the integration iPhone hardware and software. The team also had to decipher
operation of the SoC (System on a chip) and its interaction with the iOS operating system, especially related to memory management and protection mechanisms.

“This is not a common vulnerability. Due to the closed nature of the iOS ecosystem, the discovery process was challenging and time-consuming, requiring a thorough understanding of the architecture of both hardware and software. What this discovery has taught us once again is that even advanced hardware-based protections can be ineffective against a sophisticated attacker, especially when there are features that allow these protections to be bypassed, says Boris Larin, senior security researcher at Kaspersky.

Operation Triangulation" is a sophisticated APT campaign that uses exploits unknown (zero day) distributed via iMessagewhich enables Attackers control the target device and access its data. In this situation, Apple has already made a set of security patches available to users to address the four zero-day vulnerabilities identified inKaspersky is investigating and it could affect various devices, such as iPhone, iPod, iPad, macOS computers, Apple TV and Apple Watch. Kaspersky also notified Apple of exploiting hardware functionality, which led to its subsequent correction.

To avoid being a victim of a sophisticated attack by a known or unknown group, Kaspersky researchers we recommend the following security measures:

● Periodically update your operating system, programs, and security protection to fix everything known vulnerability.
● Provide staff SOC (Security Operations Center) access to the latest threat intelligence. Kaspersky Threat Intelligence Portal is a single access point for enterprise IT departments, providing cyber attack data and insights collected by Kaspersky for over 20 years.
● Empower your cybersecurity team to address the latest targeted threats with online training from Kaspersky developed by GReAT experts.
● To detect, investigate and remediate endpoint incidents, adopt EDR solutions such as Kaspersky endpoint detection and response.
● Investigate alerts and threats identified by security controls via Kaspersky Incident Response and digital forensics services for more detailed information.