2023-12-29

On Wednesday, December 28, cyber security researchers made public a series of findings about vulnerabilities in iPhones. The disclosure concerns an attack that, over the course of four years, planted backdoors on many iPhones belonging to employees of the cyber security company Kaspersky.

The attackers, who remain unknown, gained an unprecedented level of access by exploiting a vulnerability rooted in a hardware feature that few people knew about, apart from Apple engineers and chip suppliers such as ARM Holdings. The attackers had advanced technical capabilities, says Kaspersky researcher Boris Larin, and it is possible that they also found the feature through reverse engineering.

The backdoor infection campaign also targeted thousands of iPhones belonging to people working in diplomatic missions or embassies in Russia. Over the course of four years, malicious iMessage attachments were delivered that installed malware on the phones through a complex exploit chain which did not require the victim to click or install anything.

The malware was named “Triangulation” and exploited four critical zero-day vulnerabilities:

CVE-2023-32434
CVE-2023-32435
CVE-2023-38606
CVE-2023-41990

All four have since been patched. The same vulnerabilities and “secret hardware features” were also found on Macs, iPods, iPads, Apple TVs and Apple Watches; in other words, the devices shipped from the factory with them. The zero-day exploit abused a hardware feature that allows an attacker to bypass advanced hardware-level memory protections.

The vulnerability is also present in Apple’s M1 and M2 processors. Kaspersky engineers noted that peripherals such as USB controllers, memory controllers and GPUs expose hardware registers at fixed memory addresses. Through memory-mapped input/output (MMIO), the processor reads and writes those peripheral registers simply by accessing the corresponding addresses.

Some of those MMIO addresses were used to bypass the memory protections. It is not yet known who is behind the attack, though some have blamed the US, specifically the NSA.

