Attackers Exploit IOS with 0-Click iMessage Exploit

The news broke about a sophisticated IOS attack dubbed Operation Triangulation by the Russian Information Security Firm Kaspersky on the 27th of December 2023. Attackers send a malicious iMessage attachment that kicks off a chain of four zero-day exploits used to load spyware on the device.

The campaign thought to have been active since 2019, has used these exploits to gather sensitive information from devices. The four zero-day exploits are as follows:

• CVE-2023–41990 — Remote Code Execution (RCE) vulnerability sent via iMessage.
• CVE-2023–32434 — Integer Overflow vulnerability that allows for arbitrary code execution with kernel privileges.
• CVE-2023–32435 — Memory corruption vulnerability used to execute code when processing web content.
• CVE-2023–38606 — Vulnerability that allows an app to modify kernel state.

As Kaspersky mentions, “What we want to discuss is related to the vulnerability that has been mitigated as CVE-2023–38606. Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. This protection prevents attackers from obtaining full control over the device if they can read and write kernel memory, as achieved in this attack by exploiting CVE-2023–32434.” All users must maintain updates regularly to avoid falling victim to this type of attack. Hardware vulnerabilities will continue to come to light so keeping your hardware updated and your software will help mitigate the risk of future attacks of this magnitude.