0-click iMessage Attacks to Hack iPhones

Hackers exploit zero-days because these vulnerabilities are unknown to software developers, which makes them valuable for launching attacks before patches are developed.
Below are the four zero-days that were discovered:
Attackers send a malicious iMessage attachment that exploits a code execution vulnerability in Apple's ADJUST TrueType font instruction.
The exploit patches JavaScriptCore to run a privilege escalation exploit written in obfuscated JavaScript, around 11,000 lines in total.
The exploit leverages DollarVM to control JavaScriptCore's memory and execute native API functions.
It was designed for both old and new iPhones, and on recent models it bypasses Pointer Authentication Code (PAC). CVE-2023-32434 is then exploited to gain read/write access via XNU's syscalls.
To bypass the Page Protection Layer (PPL), it uses hardware MMIO registers, an issue that was mitigated as CVE-2023-38606.
SoC peripheral devices have MMIO registers mapped via DeviceTree.
The Operation Triangulation exploit targets unknown MMIO registers in Apple A12-A16 Bionic SoCs at:
Despite extensive searches, no references were found in device tree files, source code, firmware, or kernel images.
The exploit uses the following unknown addresses, mainly within gfx-asc regions, which hints at the GPU coprocessor:
Here, the device tree and the pmgr utility were used to find the GFX register in the power manager MMIO range.
The GPU coprocessor's involvement was confirmed through an SError exception.
The 0x206040000 register was explored during the exploit stages, and it has been identified as part of the CoreSight MMIO debug registers for the GPU coprocessor.
The `ml_dbgwrap_halt_cpu` function was found in the XNU source code, which made it possible to recognize the purpose of the unknown registers, such as 0x206150020 for A15/A16 Bionic SoCs.
For page table patching, the PPL bypass hardware feature was revealed and exploited for kernel debugging on iPhones.
The m1n1 tool was used to trace MMIO registers on M1 and found no usage by macOS; the case shares similarity with a 37C3 presentation on a Blu-ray drive vulnerability.
The issue was mitigated in iOS 16.6 by adding the MMIO ranges to the pmap-io-ranges in the device tree, which XNU uses to control physical address mapping.
This unusual vulnerability puzzles the researchers, as the origin and purpose of the unknown hardware feature confuse the experts, and it is unclear whether Apple or a third party designed it.
This flaw exposes the uselessness of the advanced hardware protections against smart attackers.


This Cyber News was published on gbhackers.com. Publication date: Thu, 28 Dec 2023 15:43:05 +0000

