Security analysts at Kaspersky, a cybersecurity solutions provider, have identified two critical vulnerabilities that enable attackers to bypass the latest hardware security features of Apple processors.
Kaspersky researchers found an entry point through a font processing library vulnerability. They also uncovered a significant exploit in the memory mapping code that granted access to the device’s physical memory. Both were trivially exploitable.
Researchers also discovered that, aside from the capability to remotely infect Apple devices through iMessage without user interaction, the attackers had a platform to carry out attacks via the Safari web browser. This prompted the discovery and fixing of a fifth vulnerability.
“The hardware-based security features of devices with newer Apple chips significantly bolster their resilience against cyberattacks,” said Boris Larin, principal security researcher at Kaspersky. “But they are not invulnerable. Operation Triangulation serves as a reminder to exercise caution when handling iMessage attachments from unfamiliar sources.”
This year, Kaspersky has uncovered an Advanced Persistent Threat (APT) campaign targeting iOS devices. Named “Operation Triangulation”, this campaign employs a sophisticated method of distributing zero-click exploits via iMessage, ultimately taking complete control over the device and its user data.
Kaspersky assessed that the primary goal may involve covert user surveillance; even Kaspersky’s own staff were affected. Due to the attack’s complexity and the closed nature of the iOS ecosystem, a dedicated cross-team task force spent a substantial amount of time and resources conducting a detailed technical analysis.
Apple has officially released security updates addressing four zero-day vulnerabilities discovered by Kaspersky researchers. These vulnerabilities impacted many Apple products, including iPhones, iPods, iPads, macOS devices, Apple TV, and Apple Watch.
“Drawing insights from the strategies employed in Operation Triangulation can offer valuable guidance. Additionally, finding a balance between system closedness and accessibility may contribute to an enhanced security posture,” Larin said.
“Securing systems from advanced cyberattacks is not an easy task, and it is even more complicated in closed systems such as iOS,” said Igor Kuznetsov, Director at Kaspersky’s Global Research and Analysis Team. “That is why it is so important to implement multi-layered security measures to detect and prevent such attacks.”
To avoid falling victim to a targeted attack by a known or unknown threat actor, Kaspersky researchers recommend implementing the following measures:
• Regularly update your operating system, applications, and antivirus software to patch any known vulnerabilities.
• Be cautious of emails, messages, or calls asking for sensitive information. Verify the sender’s identity before sharing any personal details or clicking on suspicious links.
• Provide your SOC team access to the latest threat intelligence (TI). The Kaspersky Threat Intelligence Portal is a single point of access for the company’s TI, providing cyberattack data and insights gathered by Kaspersky spanning over 20 years.
• Upskill your cybersecurity team to tackle the latest targeted threats with Kaspersky online training developed by GReAT experts.
• For endpoint level detection, investigation, and timely remediation of incidents, implement EDR solutions such as Kaspersky Endpoint Detection and Response.