JAKARTA - Kaspersky's GReAT team discovered vulnerabilities in Apple's systems on a chip, or SoC, which played an important role in recent iPhone attacks, known as Triangulation Operations.
For information, Operation Triangulation is an Advanced Persistent Threat (APT) campaign targeting iOS devices, discovered by Kaspersky early last summer.
This Triangulation operation allows attackers to bypass hardware-based memory protection on iPhones running versions of iOS to iOS 16.6.
The vulnerability found is a hardware feature. So, after the initial attack iMessage zero click, attackers take advantage of hardware features to bypass hardware-based security protection and manipulate content in protected memory areas.
As far as Kaspersky knows, this feature is not publicly documented, thus presenting significant challenges in its detection and analysis using conventional security methods.
GREAT researchers are currently involved in extensive back-up engineering, carefully analyzing hardware integration and iPhone software, particularly focusing on Memory-Mapped I/O addresses, or MMIO.
The unknown MMIO address, used by attackers to bypass hardware-based kernel memory protection, is not identified, thus presenting significant challenges.
SEE ALSO:
This is not an ordinary vulnerability. Due to the nature of the closed iOS ecosystem, the discovery process is challenging and time-consuming, thus requiring a comprehensive understanding of the hardware and software architecture," Boris Larun, Main Security Researcher at GREAT Kaspersky said in a statement.
Larin added that this engineering teaches us that even sophisticated hardware-based protection can be ineffective in dealing with sophisticated attackers.
This vulnerability has an impact on the broad spectrum of Apple products, including iPhones, desktops, iPads, macOS devices, Apple TV, and Apple Watch. Kaspersky also informed Apple about the exploitation of hardware features, leading to further mitigation by the company.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)