Security Researchers Share Breakthrough Details About The Most Sophisticated iPhone Attack Of All Time
The years 2019 to 2022 gave rise to a huge tech vulnerability that is said to have affected iPhone users across the globe.
The attack in question has been called the most advanced and sophisticated of all time. It is known as Operation Triangulation, and leading researchers from Kaspersky were the first to explore it.
Now, they’ve ended up sharing everything regarding the ordeal that wreaked havoc.
Researchers Boris Larin, Leonid Bezvershenko, and more presented the findings through a report. This was also the first time that such detailed information about the attack was unveiled to the general public. All kinds of risks, exploits, and vulnerabilities were discussed too for this advanced version of the iMessage attack.
The authors of the study also shed light on their findings via the SecureList blog from Kaspersky. Referred to as a major technical attack, which is better known as Pegasus 0-Click and exploited iMessage users, it was dubbed a scary ordeal.
It lasted until iOS 16.2, which was rolled out toward the end of last year.
There is a complete breakdown of how the attack chain unfolded, and we’re summarizing the findings for you below. It’s remarkable how many steps were taken to attain control over the victim’s device.
As mentioned by hackers, a malicious alert was sent out in the form of an attachment, which apps processed without obtaining consent from the user who owned the device. The attachment exploited a remote code execution vulnerability. This kind of instruction had existed since the early nineties before a single patch got rid of it.
It made use of return/jump-oriented programming and several stages written in the NSExpression query language. The exploit was written in JavaScript. In the end, it exploited JavaScriptCore’s debugging option and manipulated memory from the script to carry out more API functions.
The exploit supported both newer and older iPhones from Apple, with PAC used for the exploitation of newer models. It also made use of an integer overflow vulnerability to attain access to the device’s physical memory.
These were just some of the many means through which the attack targeted the device, and they are proof of how carefully it was designed to trick devices and achieve its goal of commanding the phone.
The researchers in this case call their study a novel breakthrough, and the fact that they could reverse engineer nearly all aspects of the attack chain was a point worth mentioning. They hope to add more insights through research in the year 2024, going in-depth regarding the situation and breaking down all the vulnerabilities and how they were used to carry out attacks.
They have also spoken about a mystery that persists to this day concerning CVE-2023-38606. According to them, it’s still hard to figure out how attackers became aware of the hidden hardware feature.
By releasing more technical details, they hope to assist iOS researchers, and they would also need those researchers’ help in finding the right explanation of what went on and how it could be avoided in the future.
In the end, the authors added that iMessage systems rely on security through obscurity, which in itself has major flaws as far as security is concerned.