X

Researchers revealed a 0-click iMessage attack using four zero-day vulnerabilities

Featured image for Researchers revealed a 0-click iMessage attack using four zero-day vulnerabilities

Security researchers at Kaspersky have recently revealed a highly advanced iMessage vulnerability, dubbing it “Operation Triangulation.” Researchers found that this exploit was active between 2019 and December 2022 by its complexity. It utilizes a series of zero-day vulnerabilities to create what they describe as the “most sophisticated attack chain” ever known.

The presentation at the Chaos Communication Congress marks the first time that the researchers publicly revealed the details of the exploits and vulnerabilities used in this advanced iMessage attack.

Advertisement
Advertisement

Operation Triangulation employed a 0-click iMessage attack, using four zero-day vulnerabilities to target iOS versions up to iOS 16.2. Researchers started the attack with a malicious iMessage attachment that isn’t noticeable by users. The attachment exploited a remote code execution vulnerability in the Apple-only ADJUST TrueType font instruction, present since the early 90s.

Intricacies of the most sophisticated iMessage exploit: Operation Triangulation

iMessage 0 click vulnerability
Credit: Securelist

This complex attack involved multiple stages, including JavaScript exploits, intricately coded with around 11,000 lines, and the manipulation of JavaScriptCore‘s memory. The exploit aimed to gain control over the entire physical memory of the device, using techniques such as Pointer Authentication Code bypass and hardware memory-mapped I/O registers.

One notable aspect of the attack was the use of an unknown hardware feature in Apple-designed SoCs, which allowed attackers to write data to a specific physical address, bypassing hardware-based memory protection. This feature, seemingly unused by the firmware, raised questions about its origin and purpose, with Kaspersky guessing it might have been intended for debugging or testing purposes.

The researchers accordingly revealed their intent to share these technical details to encourage collaboration among iOS security researchers, seeking confirmation of their findings and potential explanations for how attackers might have discovered and utilized this mysterious hardware feature.

The Operation Triangulation attack chain stands out not only for its technical sophistication but also for the collaboration between security researchers to shed light on its intricacies. Smartphone security remains a critical concern and understanding and addressing such advanced exploits are essential to safeguarding your data and privacy.