Kaspersky’s Global Research and Analysis Team (GReAT) has exposed a previously unknown “feature” in Apple iPhones that allowed malware to bypass hardware-based memory protection.

Tracked as CVE-2023-38606 and patched in July 2023, the issue affected iPhones running iOS versions up to 16.6, the security outfit said this week.

Kaspersky reckons the hardware feature may have been intended for testing or debugging. Yeah, hopefully that. Certainly, the GReAT gang couldn’t find any public documentation on it, which meant that when miscreants came to exploit the hole, the attack vector proved tricky to detect and analyze with the team’s usual tools.

According to Kaspersky, “attackers leveraged this hardware feature to bypass hardware-based security protections and manipulate the contents of protected memory regions.”

Researchers had to reverse-engineer the device to track down the exploited vulnerability. Particular attention was paid to the memory-mapped I/O (MMIO) addresses used for communication between the CPU and other devices, because the attackers used MMIO addresses unknown to the researchers to bypass hardware-based kernel protection. The team therefore had to pick through the hardware, firmware, and kernel images to work out what was going on.

“This is no ordinary vulnerability,” said Boris Larin, Principal Security Researcher at Kaspersky’s GReAT.

“Due to the closed nature of the iOS ecosystem, the discovery process was both challenging and time-consuming, requiring a comprehensive understanding of both hardware and software architectures. What this discovery teaches us once again is that even advanced hardware-based protections can be rendered ineffective in the face of a sophisticated attacker, particularly when there are hardware features that allow these protections to be bypassed.”

The vulnerability played a critical role in the “Operation Triangulation” campaign earlier this year, which allowed miscreants to gain access to targeted devices, deploy spyware, and snoop on user data. Kaspersky informed Apple about the exploitation of the hardware feature, which was swiftly mitigated.

However, as Larin observed, all the hardware protections in the world won’t help if somebody leaves in an undocumented something that allows those protections to be bypassed. ‘Security through obscurity’ just doesn’t cut it anymore.

  • that guy (211 months ago)

    According to Apple zealots, it’s the most secure platform in the world, and when it comes to privacy, owning one is the equivalent of being in a Faraday cage in a bunker 200 feet below the surface of the earth. Also, Steve Jobs had a nice turtleneck.

    • @pivot_root (111 months ago)

      But I paid $3500 for my laptop! I paid for quaLitY /s

    • @[email protected] (111 months ago)

      People need to stop falling for marketing gimmicks. It’s almost to the point where the inverse of what is marketed is what you get in the product or service from the big corps these days.
