Trigon - A New Exploit Revealed for iOS 0-Day kernel Vulnerability

Security researchers have released a sophisticated new kernel exploit targeting Apple iOS devices, dubbed Trigon, which leverages a critical vulnerability in the XNU kernel’s virtual memory subsystem. Discovered in the wild during Operation Triangulation, this flaw allows attackers to create a malicious memory entry spanning 18,000 petabytes—far exceeding physical device limits—by exploiting an unchecked addition of user-controlled size and offset parameters. The exploit, linked to the ith “Operation Triangulation” spyware campaign that first weaponized the flaw uncovered by Kaspersky, provides attackers with arbitrary kernel read/write primitives without triggering kernel panics—a rare feat in modern iOS exploitation. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. To bypass Page Validation Hash (PVH) protections, Trigon sprays thousands of IOSurface objects into physical memory. By crafting an IOSurface object with the IOSurfaceMemoryRegion property set to PurpleGfxMem, attackers bypass XNU’s vm_page_insert_internal panic checks, as PurpleGfxMem entries lack the internal flag enforced for standard allocations. Have you ever wondered why businesses still face cyber threats, even with the latest security software? Cybercriminals are always finding new ways to attack. The exploit’s deterministic nature—achieving success without memory corruption or race conditions—poses a unique challenge to Apple’s security model. The exploit identifies non-page-table regions housing sprayed objects by scanning the pv_head_table—a kernel structure tracking page types. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. The Kaspersky team, who first documented CVE-2023-32434 during Operation Triangulation, plans a detailed analysis of the arm64e-compatible chain used in the wild. Researchers emphasize that KTRR/CTRR, once considered unassailable, now requires deeper integration with SoC-level MMU policies to block physical mapping exploits.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 03 Mar 2025 08:30:32 +0000

Cyber News related to Trigon - A New Exploit Revealed for iOS 0-Day kernel Vulnerability

Trigon - A New Exploit Revealed for iOS 0-Day kernel Vulnerability - Security researchers have released a sophisticated new kernel exploit targeting Apple iOS devices, dubbed Trigon, which leverages a critical vulnerability in the XNU kernel’s virtual memory subsystem. Discovered in the wild during Operation ...
3 months ago Cybersecuritynews.com CVE-2023-32434

CVE-2024-26957 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago

Cisco discloses new IOS XE zero-day exploited to deploy malware implant - Cisco disclosed a new high-severity zero-day today, actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier this week. The company said it found a fix for both vulnerabilities ...
1 year ago Bleepingcomputer.com CVE-2023-20198 CVE-2023-20273 CVE-2021-1435

10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
1 year ago Techtarget.com CVE-2023-0669 CVE-2023-34362 CVE-2023-36884 CVE-2023-4863 CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-22515

Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
1 year ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109

Over 10,000 Cisco devices hacked in IOS XE zero-day attacks - Attackers have exploited a recently disclosed critical zero-day bug to compromise and infect more than 10,000 Cisco IOS XE devices with malicious implants. The list of products running Cisco IOS XE software includes enterprise switches, aggregation ...
1 year ago Bleepingcomputer.com CVE-2023-20198

Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
1 year ago Bleepingcomputer.com

CVE-2024-44989 - In the Linux kernel, the following vulnerability has been resolved: ...
6 months ago

CVE-2024-26688 - In the Linux kernel, the following vulnerability has been resolved: fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super When configuring a hugetlb filesystem via the fsconfig() syscall, there is a possible NULL dereference in ...
1 year ago Tenable.com

CVE-2022-49123 - In the Linux kernel, the following vulnerability has been resolved: ...
3 months ago

Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
1 year ago Darkreading.com CVE-2024-23222

Exploit released for critical Cisco IOS XE flaw, many hosts still hacked - Public exploit code is now available for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198 that was leveraged as a zero-day to hack tens of thousands of devices. Cisco released patches for most releases of its IOS XE software but ...
1 year ago Bleepingcomputer.com CVE-2023-20198

Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance ...
1 year ago Bleepingcomputer.com

Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
1 year ago Bleepingcomputer.com CVE-2024-27834

Cisco patches IOS XE zero-days used to hack over 50,000 devices - Cisco has addressed the two vulnerabilities that hackers exploited to compromise tens of thousands of IOS XE devices over the past week. The free software release comes after a threat actor leveraged the security issues as zero-days to compromise and ...
1 year ago Bleepingcomputer.com CVE-2023-20198

Number of hacked Cisco IOS XE devices plummets from 50K to hundreds - The number of Cisco IOS XE devices hacked with a malicious backdoor implant has mysteriously plummeted from over 50,000 impacted devices to only a few hundred, with researchers unsure what is causing the sharp decline. This week, Cisco warned that ...
1 year ago Bleepingcomputer.com CVE-2023-20198 CVE-2023-20273

CVE-2022-48664 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago

Over 40,000 Cisco IOS XE devices infected with backdoor using zero-day - More than 40,000 Cisco devices running the IOS XE operating system have been compromised after hackers exploited a recently disclosed maximum severity vulnerability tracked as CVE-2023-20198. There is no patch or a workaround available and the only ...
1 year ago Bleepingcomputer.com CVE-2023-20198

New ATM Malware family emerged in the threat landscape - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Raspberry Robin spotted using two ...
1 year ago Securityaffairs.com CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-4966

New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
11 months ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109 Rocke

CVE-2022-49248 - In the Linux kernel, the following vulnerability has been resolved: ...
3 months ago

Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own - During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox. Palo Alto ...
1 month ago Bleepingcomputer.com

Apple fixes two new iOS zero-days in emergency updates - Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. "Apple is aware of a report that this issue may ...
1 year ago Bleepingcomputer.com CVE-2023-42916 CVE-2023-42917

CVE-2024-56658 - In the Linux kernel, the following vulnerability has been resolved: net: defer final 'struct net' free in netns dismantle Ilya reported a slab-use-after-free in dst_destroy [1] Issue is in xfrm6_net_init() and xfrm4_net_init() : They copy ...
5 months ago Tenable.com

North Korean Kimsuky used a new Linux backdoor in recent attacks - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 ...
1 year ago Securityaffairs.com CVE-2022-38028 CVE-2020-3259 CVE-2023-22515 APT28 APT29 BianLian