I provvedimenti spiegati alle aziende
con guide, checklist, modelli; AI assisted
Osservatorio a cura del dott. V. Spataro 



   dizionario 2023-12-27 ·  NEW:   Appunta · Stampa · Cita: 'Doc 98177' · pdf

Kaspersky discloses iPhone hardware feature vital in Operation Triangulation case

abstract:



Quello che Kaspersky scopre e' una fuga di informazioni troppo riservate in grado di sviluppare e sfruttare un attacco zero click. Basta avere un iphone ed essere un obiettivo ed essere spiati. Cosa possono fare gli utenti ?

Acquistare una busta isolante elettromagnetica e ficcarci il telefono mentre non e' in uso. Pazienza per le notifiche.

Fonte: kaspersky.com
Link: https://www.kaspersky.com/about/press-releases/202




analisi:

L'analisi è riservata agli iscritti. Segui la newsletter dell'Osservatorio oppure il Podcast iscrizione gratuita 30 giorni

L'analisi è riservata agli iscritti. Segui la .......... ....'............ ...... .. ....... .......... ........ .. ......

........ . ....... ... .'..... ......... ... .. .......... ....... ............. .. .. ..........

....... ..... ... .........., .'..... .' ......... .. ...... . ................ ...... ... ....... . ........ ............




index:

Indice

  • About Kaspersky



testo:

K

Kaspersky's GReAT team discovered a vulnerability in Apple System on a chip, or SoC, that has played a critical role in the recent iPhone attacks, known as Operation Triangulation, allowing attackers to bypass the hardware-based memory protection on iPhones running iOS versions up to iOS 16.6.

The discovered vulnerability is a hardware feature, possibly based on the principle of security through obscurity,” and may have been intended for testing or debugging. Following the initial 0-click iMessage attack and subsequent privilege escalation, the attackers leveraged this hardware feature to bypass hardware-based security protections and manipulate the contents of protected memory regions. This step was crucial for obtaining full control over the device. Apple addressed the issue, identified as CVE-2023-38606.

As far as Kaspersky is aware, this feature was not publicly documented, presenting a significant challenge in its detection and analysis using conventional security methods. GReAT researchers engaged in extensive reverse engineering, meticulously analyzing the iPhone's hardware and software integration, particularly focusing on the Memory-Mapped I/O, or MMIO, addresses, which are critical for facilitating efficient communication between the CPU and peripheral devices in the system. Unknown MMIO addresses, used by the attackers to bypass the hardware-based kernel memory protection, were not identified in any device tree ranges, presenting a significant challenge. The team had to also decipher the intricate workings of the SoC and its interaction with the iOS operating system, especially regarding memory management and protection mechanisms. This process involved a thorough examination of various device tree files, source codes, kernel images, and firmware, in a quest to find any reference to these MMIO addresses.

“This is no ordinary vulnerability. Due to the closed nature of the iOS ecosystem, the discovery process was both challenging and time-consuming, requiring a comprehensive understanding of both hardware and software architectures. What this discovery teaches us once again is that even advanced hardware-based protections can be rendered ineffective in the face of a sophisticated attacker, particularly when there are hardware features allowing to bypass these protections,” comments Boris Larin, Principal Security Researcher at Kaspersky’s GReAT.

“Operation Triangulation” is an Advanced Persistent Threat (APT) campaign targeting iOS devices, uncovered by Kaspersky earlier this summer. This sophisticated campaign employs zero-click exploits distributed via iMessage, enabling attackers to gain complete control over the targeted device and access user data. Apple responded by releasing security updates to address four zero-day vulnerabilities identified by Kaspersky researchers: CVE-2023-32434, CVE-2023-32435, CVE-2023-38606, and CVE-2023-41990. These vulnerabilities impact a broad spectrum of Apple products, including iPhones, iPods, iPads, macOS devices, Apple TV, and Apple Watch. Kaspersky also informed Apple about the exploitation of the hardware feature, leading to its subsequent mitigation by the company.

To learn more about Operation Triangulation and the technical details behind the analysis, read the report on Securelist.com.

To avoid falling victim to a targeted attack by a known or unknown threat actor, Kaspersky researchers recommend implementing the following measures:

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments, and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 220,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

 


Link: https://www.kaspersky.com/about/press-releases/202

Testo del 2023-12-27 Fonte: kaspersky.com




Commenta



i commenti sono anonimi e inviati via mail e cancellati dopo aver migliorato la voce alla quale si riferiscono: non sono archiviati; comunque non lasciare dati particolari. Si applica la privacy policy.


Ricevi gli aggiornamenti su Kaspersky discloses iPhone hardware feature vital in Operation Triangulation case e gli altri post del sito:

Email: (gratis Info privacy)






Nota: il dizionario è aggiornato frequentemente con correzioni e giurisprudenza