December 28, 2023 at 10:54AM
Kaspersky’s GReAT team uncovered a hidden iPhone hardware feature, exploited through CVE-2023-38606, that allowed attackers to evade hardware-based memory protection. The feature, which affected iPhones running iOS up to 16.6, may have been intended for testing or debugging. The team’s thorough analysis revealed a sophisticated attack vector, demonstrating how even advanced hardware protection can be circumvented.
Key Takeaways from the Meeting Notes:
1. Kaspersky’s Global Research and Analysis Team (GReAT) identified a previously unknown ‘feature’ in Apple iPhones that allowed attackers to bypass hardware-based memory protection.
2. The issue was addressed in CVE-2023-38606, which was patched in July 2023 and affected iPhones running iOS versions up to 16.6.
3. The discovered hardware feature may have been intended for testing or debugging and lacked public documentation, making it difficult to detect and analyze using typical tools.
4. Attackers leveraged this hardware feature to bypass security protections and manipulate the contents of protected memory regions.
5. Researchers reverse-engineered the device and focused on Memory-Mapped I/O (MMIO) addresses to track down the vulnerability, in particular the exploit’s use of unknown MMIO addresses to bypass hardware-based kernel memory protection.
6. Despite advanced hardware-based protections, this vulnerability played a critical role in the “Operation Triangulation” campaign, allowing attackers to access targeted devices, deploy spyware, and access user data. Kaspersky promptly informed Apple about the exploitation, and it was swiftly mitigated.
7. The discovery underscores the importance of a comprehensive understanding of both hardware and software architectures, and highlights the ineffectiveness of security through obscurity in the face of sophisticated attacks.
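The analysis step in takeaway 5, checking which MMIO addresses a piece of code touches against the register windows the firmware's device tree actually declares, can be illustrated with a small interval check. The following is an added example, not code from the article or from Kaspersky's tooling; every range and address in it is a constructed sample value, not a real Apple SoC address.

```python
# Added example: flag MMIO accesses that fall outside every device-tree range.
# All ranges and addresses are constructed placeholders, not real SoC values.
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class MmioRange:
    name: str   # device-tree node that owns this register window
    base: int   # first byte of the mapped window
    size: int   # window length in bytes

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


def classify_accesses(ranges: Iterable[MmioRange], accesses: Iterable[int]) -> dict:
    """Map each accessed address to the declaring node name, or None when
    no declared window covers it (the 'unknown MMIO address' case)."""
    known = list(ranges)
    result: dict = {}
    for addr in accesses:
        owner: Optional[MmioRange] = next((r for r in known if r.contains(addr)), None)
        result[addr] = owner.name if owner else None
    return result


def unknown_addresses(ranges: Iterable[MmioRange], accesses: Iterable[int]) -> list:
    """Sorted, de-duplicated addresses that no device-tree node declares."""
    hits = classify_accesses(ranges, accesses)
    return sorted({addr for addr, owner in hits.items() if owner is None})


# Constructed device tree: two register windows for two hypothetical peripherals.
SAMPLE_DEVICE_TREE = [
    MmioRange("gpio0", base=0x2_0000_0000, size=0x1000),
    MmioRange("uart0", base=0x2_0001_0000, size=0x1000),
]

# Constructed trace of MMIO addresses touched by the code under analysis.
SAMPLE_ACCESSES = [0x2_0000_0010, 0x2_0001_0008, 0x2_0004_0000,
                   0x2_0004_0008, 0x2_0004_0000]

if __name__ == "__main__":
    for addr in unknown_addresses(SAMPLE_DEVICE_TREE, SAMPLE_ACCESSES):
        print(f"undeclared MMIO access: {addr:#x}")
```

Addresses reported as undeclared are the ones worth reverse-engineering further, since a debug or test register that the vendor never documented will by construction not appear in any device-tree node.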