A Russian company found a critical vulnerability in iPhone processors


Experts from Kaspersky Lab's Global Threat Research and Analysis Center discovered that Apple smartphones have a vulnerability that allows attackers to bypass hardware memory protection. Attackers exploited this vulnerability as part of the “Operation Trinity” espionage campaign, which Kaspersky Lab experts had discovered earlier.

The vulnerability was assigned the identifier CVE-2023-38606 and affected all versions of iOS up to 16.6. CVE-2023-38606 is an unused hardware feature in firmware that was likely intended for testing or debugging by Apple engineers.

To exploit this vulnerability, an attacker would first need to send the victim a hidden iMessage carrying a zero-click exploit. The attacker could then execute code and escalate privileges using CVE-2023-38606.

Hackers used this hardware feature to bypass the hardware security of Apple chips and modify protected areas of memory. As a result, the attackers gained full access to the infected device.

“This vulnerability proves that even the most modern hardware protections are powerless against an advanced attacker as long as there are hardware functions that allow them to bypass these protections,” said Boris Larin, cyber threat researcher at Kaspersky Lab.

Apple has now fixed this vulnerability.
