Scroll Top

Boldest iPhone hack ever chains together Zero Day exploits to create Zero Click attack


Zero day exploits are powerful, giving hackers access to the keys of the kingdom, but by chaining many ZDE’s together this was one of the world’s most sophisticated attacks.


Love the Exponential Future? Join our XPotential Community, future proof yourself with courses from XPotential University, read about exponential tech and trendsconnect, watch a keynote, or browse my blog.

It’s now been revealed that the “Operation Triangulation” spyware attacks targeting Apple iOS devices leveraged never-before-seen exploits that made it possible to even bypass pivotal hardware-based security protections erected by the company. And the attackers did it by chaining together, for the first time, a huge number of Apple iOS exploits and Zero Day exploits to create a Zero Click attack that gave them full access to compromised devices.


See also
Estonia becomes the world's first virtual nation capable of rebooting itself


Russian cybersecurity firm Kaspersky, which discovered the campaign at the beginning of 2023 after becoming one of the targets, described it as the “most sophisticated attack chain” it has ever observed to date. The campaign is believed to have been active since 2019.


The Future of Cyber Security, by Futurist Matthew Griffin


The exploitation activity involved the use of four zero-day flaws that were fashioned into a chain to obtain an unprecedented level of backdoor access to target devices running iOS versions up to iOS 16.2 with the ultimate goal of gathering sensitive information.

The starting point of the zero click attack is an iMessage bearing a malicious attachment, which is automatically processed sans any user interaction to ultimately obtain elevated permissions and deploy a spyware module. Specifically, it involves the weaponization of a combination of vulnerabilities.


See also
Artists have found a way to screw AI companies scraping their data and destroy AI models


It’s worth noting that patches for CVE-2023-41990 were released by Apple in January 2023, although details about the exploitation were only made public by the company on September 8, 2023, the same day it shipped iOS 16.6.1 to resolve two other flaws (CVE-2023-41061 and CVE-2023-41064) that were actively abused in connection with a Pegasus spyware campaign.

This also brings the tally of the number of actively exploited zero-days resolved by Apple since the start of the year to 20.

Of the four vulnerabilities, CVE-2023-38606 deserves a special mention as it facilitates a bypass of hardware-based security protection for sensitive regions of the kernel memory by leveraging memory-mapped I/O (MMIO) registers, a feature that was never known or documented until now.


See also
Researchers used a quantum computer to invent a new cooling material


The exploit, in particular, targets Apple A12-A16 Bionic SoCs, singling out unknown MMIO blocks of registers that belong to the GPU coprocessor. It’s currently not known how the mysterious threat actors behind the operation learned about its existence. Also unclear is whether it was developed by Apple or it’s a third-party component like ARM CoreSight.

To put it in another way, CVE-2023-38606 is the crucial link in the exploit chain that’s closely intertwined with the success of the Operation Triangulation campaign, given the fact that it permits the threat actor to gain total control of the compromised system.

“Our guess is that this unknown hardware feature was most likely intended to be used for debugging or testing purposes by Apple engineers or the factory, or that it was included by mistake,” security researcher Boris Larin said. “Because this feature is not used by the firmware, we have no idea how attackers would know how to use it.”


See also
An AI built to generate “Fake News” is now helping detect it


“Hardware security very often relies on ‘security through obscurity,’ and it is much more difficult to reverse-engineer than software, but this is a flawed approach, because sooner or later, all secrets are revealed. Systems that rely on “security through obscurity” can never be truly secure.”

The development comes as the Washington Post reported that Apple’s warnings in late October about how Indian journalists and opposition politicians may have been targeted by state-sponsored spyware attacks prompted the government to question the veracity of the claims and describe them as a case of “algorithmic malfunction” within the tech giant’s systems.

In addition, senior administration officials demanded that the company soften the political impact of the warnings and pressed the company to provide alternative explanations as to why the warnings may have been sent. So far, India has neither confirmed nor denied using spyware such as those by NSO Group’s Pegasus.


See also
IBM will have a 1,000 qubit quantum computer by 2023, says new roadmap


Citing people with knowledge of the matter, the Washington Post noted that “Indian officials asked Apple to withdraw the warnings and say it had made a mistake,” and that “Apple India’s corporate communications executives began privately asking Indian technology journalists to emphasize in their stories that Apple’s warnings could be false alarms” to shift the spotlight away from the government.

Related Posts

Leave a comment


Awesome! You're now subscribed.

Pin It on Pinterest

Share This