A Russian company found a critical vulnerability in iPhone processors
Experts from the Kaspersky Lab Global Center for Threat Research and Analysis have discovered a vulnerability in Apple smartphones that allows attackers to bypass hardware memory protection.
This vulnerability was used by attackers as part of the "Operation Triangulation" espionage campaign, which was previously revealed by Kaspersky Lab specialists.
The vulnerability was assigned the identifier CVE-2023-38606 and affected all versions of iOS up to 16.6. It involves a hardware feature that is not used by the firmware and was probably intended for testing or debugging by Apple engineers.
To exploit the vulnerability, the attacker first had to send the victim a hidden message in iMessage with a zero-click exploit in the attachment. After that, the attacker could execute code and escalate privileges using CVE-2023-38606.
The attackers used this hardware feature to bypass the hardware protection of Apple chips and manipulate protected memory areas. As a result, they gained full access to the infected device.
"This vulnerability proves that even the most modern hardware protections are powerless in the face of a sophisticated attacker, as long as there are hardware features that allow these protections to be bypassed," said Boris Larin, a leading researcher of cyber threats at Kaspersky Lab.
Apple has since fixed this vulnerability.