It appears that Apple's iPhone shipped with some unknown hardware features that were then discovered by hackers who found a way to exploit them in highly destructive zero-click attacks.
A new report from Kaspersky outlines how it discovered a unique spyware campaign targeting iPhone devices about five years ago. Kaspersky named the campaign “Operation Triangulation,” and after reverse engineering the spyware and shutting down the campaign, it found that the attackers had chained four vulnerabilities together to conduct zero-click attacks.
As the name suggests, these attacks require no interaction on the part of the victim and can be used to steal sensitive data from the endpoint, remotely execute code, or completely take over the device.
Zero-click attacks
The four vulnerabilities chained together are tracked as CVE-2023-41990, CVE-2023-32434, CVE-2023-32435, and CVE-2023-38606. The last of these, CVE-2023-38606, is especially interesting because it involves MMIO (memory-mapped I/O) registers in Apple A12-A16 Bionic processors that are not listed in the DeviceTree.
“When trying to describe this feature and how the attackers exploited it, it all boils down to this: they are able to write data to a specific physical address while bypassing hardware-based memory protection by transferring the data and destination address and data hash to unknown hardware registers of the chip that are not used by the firmware,” Kaspersky said in its report.
At this point, no one knows how or why these features ended up in the commercial version of the device. BleepingComputer reports that the Russian Intelligence Service (FSB) has accused Apple of building a backdoor that the NSA can use against the Russian government and embassy staff. It has also been speculated that the features were used in the development phase for debugging or hardware testing and were accidentally left in the shipped product.
Regardless, Apple addressed the problem by updating the device structure to limit physical address allocation.
Ny Breaking has contacted Apple for comment.