date 2023-12-28

The closed philosophy of Apple's ecosystem usually means that those who try to detect and exploit vulnerabilities have a harder time, though far from impossible, than on other platforms. But this week one of the most striking cyberattacks in recent years has been revealed, and the victims have been iPhones.

Kaspersky, victim of a cyberattack. As reported by Ars Technica, a group of cybersecurity experts has discovered a very sophisticated attack targeting iPhones that has been active for four years. The attack already made headlines in June 2023, and it has now been revealed to have infected devices belonging to employees of the Moscow-based cybersecurity company Kaspersky and thousands of others, including those in diplomatic missions and embassies in Russia.

Triangulation. The attackers achieved an unprecedented level of access by exploiting a previously unknown hardware feature, which makes it clear that those who discovered the problem had advanced resources and technical knowledge. The final "megaexploit," known as "Triangulation," leverages a complex chain of exploits sent via iMessage text messages; when a device reboot was detected, the attackers re-established the infection by sending new messages.

Four critical vulnerabilities. Attackers exploited four critical zero-day vulnerabilities: CVE-2023-32434, CVE-2023-32435, CVE-2023-38606, and CVE-2023-41990, affecting iPhones, Macs, iPods, iPads, Apple TVs, and Apple Watches. These exploits allowed attackers to bypass advanced hardware-based memory protections, a significant step toward defeating Apple's security measures.

Difficult-to-detect spyware. The exploit chain called Triangulation includes several zero-day vulnerabilities, among them flaws in Apple's TrueType font handling, the iOS kernel, and the Safari browser. The methods used allowed the attackers to gain administrator ('root') access to the system and then install spyware. Once infected, the devices transmitted voice recordings, photos, geolocation and other sensitive data to servers controlled by the attackers.

Problem patched, but not completely solved. Kaspersky experts published a report on Wednesday with the conclusions of their research, and explained that although Apple has patched these vulnerabilities, detecting whether or not a device is infected remains difficult. These cyberattacks appear to have affected diplomatic missions and embassies. Identifying their origin and those responsible is also complex, because the characteristics of the attack deviate from known patterns.

A (sadly) prodigious cyberattack. Boris Larin (@oct0xor), a Kaspersky researcher, highlighted in an email to Ars Technica the exceptional nature of the cyberattack, especially because of how it managed to execute in an ecosystem as closed as Apple's. "We've discovered and reported over thirty zero-days in Adobe/Apple/Google/Microsoft products," he noted, "but this is definitely the most sophisticated attack chain we've seen."