New iPhone Exploit Uses Four Zero-Days
Kaspersky researchers have uncovered a highly sophisticated attack that exploited four zero-day vulnerabilities in iPhones over a span of four years. The attack, dubbed Operation Triangulation, targeted the devices of employees at Moscow-based security firm Kaspersky. The most significant aspect of this attack is the exploitation of a previously unknown hardware feature, which allowed the attackers to bypass advanced hardware-based memory protections. These protections are designed to safeguard the integrity of the device’s system even after an attacker gains access to the kernel. The attackers were able to bypass this protection by exploiting a vulnerability in the secret function. This protection is also present in Apple’s M1 and M2 CPUs.
Kaspersky’s discovery of this attack confirms that it is the work of a nation-state actor due to its high level of sophistication. The attack demonstrates the lengths to which attackers are willing to go to exploit vulnerabilities in iPhones. It also highlights the importance of robust hardware-based memory protections to safeguard against such attacks. Apple will likely need to address these vulnerabilities and strengthen its security measures in future iOS updates.
– Kaspersky researchers have uncovered a four-year-long attack on iPhones that exploited four zero-day vulnerabilities.
– The attack bypassed advanced hardware-based memory protections by exploiting a vulnerability in a secret hardware feature.
– Kaspersky’s discovery confirms that the attack was the work of a nation-state actor.
– This attack underscores the need for robust hardware-based memory protections and ongoing security updates from Apple.