The Kaspersky Global Research and Analysis Team (GReAT) has uncovered a security vulnerability in Apple’s System-on-Chip (SoC), a critical flaw exploited in a series of attacks known as “Operation Triangulation.” The team presented this discovery at the 37th Chaos Communication Congress in Hamburg.
This vulnerability allows attackers to bypass the memory protection system in iPhones running iOS 16.6 or older. The loophole is an undocumented hardware feature, possibly relying on the principle of “security through obscurity,” whose original purpose may have been testing or debugging.
This hardware feature played its role in the Operation Triangulation attack chain after the initial zero-click compromise delivered through iMessage, at the stage where the attackers escalated privileges. They leveraged the feature to bypass hardware-based protection measures and write to memory regions that should have been protected.
This step was crucial for attackers to gain full control over the targeted device. Apple has addressed this vulnerability, identified as CVE-2023-38606, after Kaspersky researchers provided details.
According to Kaspersky, this feature wasn’t publicly documented, which complicated its discovery and analysis using traditional security methods. The GReAT team conducted extensive reverse engineering and precise analysis to understand the interaction between iPhone hardware and the iOS operating system, particularly regarding memory management and protection mechanisms.
This process included a comprehensive examination of hardware schematics, source code, kernel images, and firmware, aiming to identify the unknown MMIO (Memory Mapped I/O) addresses used by the attackers to bypass core memory protection mechanisms. Because those MMIO addresses did not appear in any of the hardware schematics examined, Kaspersky’s team had to comprehend the intricate workings of the on-chip system and its interaction with the iOS operating system, focusing on the MMIO addresses through which the CPU communicates with peripheral devices.
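The check the researchers describe, comparing the MMIO addresses an exploit touches against the hardware description, as an added illustrative example that is not Kaspersky’s tooling: it assumes the hardware description is a device-tree-source style listing of `reg` windows (the node names, addresses and sizes below are constructed, not Apple’s), and flags every address that falls outside all documented register windows.

```python
import re
from typing import Dict, List, Tuple

# Constructed, simplified device-tree-source fragment. Node names, addresses
# and sizes are made up for illustration and are NOT real Apple SoC values.
SAMPLE_DTS = """
uart0 { compatible = "example,uart"; reg = <0x200000000 0x4000>; };
gpio  { compatible = "example,gpio"; reg = <0x200100000 0x1000>, <0x200101000 0x1000>; };
dart  { compatible = "example,dart"; reg = <0x201000000 0x8000>; };
"""

# Constructed MMIO addresses to audit (placeholders, not values from any exploit).
SAMPLE_ACCESSES = [0x200000010, 0x200101800, 0x203100040, 0x2000FFFF0]

NODE_RE = re.compile(r"(\w+)\s*\{([^}]*)\}", re.S)
REG_RE = re.compile(r"reg\s*=\s*([^;]+);")
PAIR_RE = re.compile(r"<\s*(0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+)\s*>")


def parse_mmio_ranges(dts: str) -> List[Tuple[int, int, str]]:
    """Return (base, end_exclusive, node) for every reg window in the fragment."""
    ranges = []
    for node, body in NODE_RE.findall(dts):
        reg = REG_RE.search(body)
        if not reg:
            continue  # node without memory-mapped registers
        for base, size in PAIR_RE.findall(reg.group(1)):
            b, s = int(base, 16), int(size, 16)
            ranges.append((b, b + s, node))
    return sorted(ranges)


def classify_accesses(addresses, ranges) -> Dict[int, str]:
    """Map each address to the node whose window contains it, or 'UNDOCUMENTED'."""
    result = {}
    for addr in addresses:
        owner = next((node for b, e, node in ranges if b <= addr < e), None)
        result[addr] = owner or "UNDOCUMENTED"
    return result


def undocumented_accesses(addresses, dts: str = SAMPLE_DTS) -> List[int]:
    """Addresses outside every documented MMIO window: candidates for review."""
    classified = classify_accesses(addresses, parse_mmio_ranges(dts))
    return [a for a, owner in classified.items() if owner == "UNDOCUMENTED"]


if __name__ == "__main__":
    for addr, owner in classify_accesses(SAMPLE_ACCESSES, parse_mmio_ranges(SAMPLE_DTS)).items():
        print(f"{addr:#012x} -> {owner}")
```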
It’s noteworthy that Kaspersky previously revealed the Operation Triangulation attack earlier this year, an ongoing Advanced Persistent Threat (APT) campaign targeting iOS devices.
Apple released security updates addressing four Zero-Day vulnerabilities officially discovered by Kaspersky researchers: CVE-2023-32434, CVE-2023-32435, CVE-2023-38606, and CVE-2023-41990. These vulnerabilities affected a wide range of Apple products, including iPhones, iPads, macOS-powered computers, Apple TVs, and Apple Watch smartwatches.
Kaspersky’s security experts offer the following advice to protect against Operation Triangulation attacks:
Regularly update the operating system, applications, and antivirus software to patch known security vulnerabilities.
Provide the security operations team access to the latest threat information. The Kaspersky Threat Intelligence Portal serves as a unified access point for threat information, offering cyberattack data collected by Kaspersky over 20 years.
Train your cybersecurity team to combat the latest targeted attacks using Kaspersky’s online training service developed by GReAT experts.
Implement endpoint detection and response solutions like Kaspersky Endpoint Detection and Response to detect, investigate, and resolve incidents at the endpoint level.
Review security alerts and threats identified by security control elements through Kaspersky’s Incident Response and Digital Forensics services for comprehensive insights.