Kaspersky believes the feature was likely intended for internal testing or debugging purposes and accidentally left accessible.Īttackers exploiting such an obscure hardware issue indicates extremely sophisticated capabilities. The registers did not show up in any Apple device tree documentation. Through extensive reverse engineering, researchers discovered the hackers had leveraged secret memory registers associated with an undocumented hardware feature to disable the Page Protection Layer. However, the most intriguing aspect was the hackers' usage of an unknown hardware vulnerability to bypass an advanced memory protection called the Page Protection Layer, which prevents even kernel-level malware from arbitrarily running code or modifying data. Together, they enabled the attackers to gain root privileges on devices and disable security features like kernel code signing. The exploits targeted vulnerabilities in areas like the iOS kernel, Safari browser and font rendering. The company has since patched all four of the vulnerabilities, which are tracked as: This allowed the campaign to persist undetected for years.Īnalysis by Kaspersky revealed Operation Triangulation utilized an extremely advanced four-zero-day exploit chain to bypass iPhone security protections and achieve full system compromise. The messages contained exploits that silently jailbroke devices without any user interaction, allowing the attackers to install spyware that harvested data including recordings, photos, location and more.Įven after infected iPhones were rebooted, the attackers sent new messages to re-exploit them. The attack exploited multiple zero-day vulnerabilities to silently compromise iPhones and install spyware without any user interaction.Īccording to the researcher, the malware was initially delivered to iPhones via malicious iMessages. Researchers from Kaspersky have published new technical details on Operation Triangulation, an extremely sophisticated iOS spyware attack uncovered earlier this year. Operation Triangulation: New Details on iOS Zero-Click Exploits - Cyber Kendra
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |