๐Ž๐ฉ๐ž๐ซ๐š๐ญ๐ข๐จ๐ง ๐“๐ซ๐ข๐š๐ง๐ ๐ฎ๐ฅ๐š๐ญ๐ข๐จ๐ง: Unraveling the Most Advanced iPhone Attack that used four 0-day vulnerabilities

Security researchers at Kaspersky revealed the intricacies of “Operation Triangulation” on Dec 27th, 2023, at the Chaos Communication Congress.

So why is this important? This was an extremely sophisticated attack delivered through iMessage, active from 2019 to December 2022. The attack chain, which has been labeled the “most sophisticated” ever seen, utilized four 0-day vulnerabilities, including a Pegasus 0-click iMessage exploit.

๐ต๐‘’๐‘“๐‘œ๐‘Ÿ๐‘’ ๐‘ค๐‘’ ๐‘‘๐‘–๐‘ฃ๐‘’ ๐‘–๐‘›๐‘ก๐‘œ ๐‘กโ„Ž๐‘’ ๐‘‘๐‘’๐‘ก๐‘Ž๐‘–๐‘™๐‘ , ๐ผ ๐‘ค๐‘œ๐‘ข๐‘™๐‘‘ ๐‘™๐‘–๐‘˜๐‘’ ๐‘ก๐‘œ ๐‘ ๐‘Ž๐‘ฆ ๐‘กโ„Ž๐‘Ž๐‘ก ๐‘กโ„Ž๐‘–๐‘  ๐‘–๐‘ƒโ„Ž๐‘œ๐‘›๐‘’ ๐‘Ž๐‘ก๐‘ก๐‘Ž๐‘๐‘˜ ๐‘ข๐‘›๐‘‘๐‘’๐‘Ÿ๐‘ ๐‘๐‘œ๐‘Ÿ๐‘’๐‘  ๐‘Ž๐‘› ๐‘Ž๐‘™๐‘Ž๐‘Ÿ๐‘š๐‘–๐‘›๐‘” ๐‘™๐‘’๐‘ฃ๐‘’๐‘™ ๐‘œ๐‘“ ๐‘ ๐‘œ๐‘โ„Ž๐‘–๐‘ ๐‘ก๐‘–๐‘๐‘Ž๐‘ก๐‘–๐‘œ๐‘› ๐‘ค๐‘–๐‘กโ„Ž 4 ๐‘ง๐‘’๐‘Ÿ๐‘œ-๐‘‘๐‘Ž๐‘ฆ๐‘ . ๐‘‡โ„Ž๐‘’ ๐‘š๐‘ฆ๐‘ ๐‘ก๐‘’๐‘Ÿ๐‘ฆ ๐‘ ๐‘ข๐‘Ÿ๐‘Ÿ๐‘œ๐‘ข๐‘›๐‘‘๐‘–๐‘›๐‘” ๐ถ๐‘‰๐ธ-2023-38606 ๐‘’๐‘š๐‘โ„Ž๐‘Ž๐‘ ๐‘–๐‘ง๐‘’๐‘  ๐‘กโ„Ž๐‘’ ๐‘›๐‘’๐‘’๐‘‘ ๐‘“๐‘œ๐‘Ÿ ๐‘Ÿ๐‘œ๐‘๐‘ข๐‘ ๐‘ก ๐‘๐‘ฆ๐‘๐‘’๐‘Ÿ๐‘ ๐‘’๐‘๐‘ข๐‘Ÿ๐‘–๐‘ก๐‘ฆ. ๐ผ๐‘›๐‘ก๐‘’๐‘”๐‘Ÿ๐‘Ž๐‘ก๐‘–๐‘›๐‘” ๐ด๐ผ ๐‘–๐‘›๐‘ก๐‘œ ๐‘ ๐‘ข๐‘โ„Ž ๐‘’๐‘ฅ๐‘๐‘™๐‘œ๐‘–๐‘ก๐‘  ๐‘ค๐‘–๐‘™๐‘™ ๐‘œ๐‘›๐‘™๐‘ฆ ๐‘Ž๐‘š๐‘๐‘™๐‘–๐‘“๐‘ฆ ๐‘กโ„Ž๐‘Ÿ๐‘’๐‘Ž๐‘ก๐‘ , ๐‘Ÿ๐‘’๐‘ž๐‘ข๐‘–๐‘Ÿ๐‘–๐‘›๐‘” ๐‘ฃ๐‘–๐‘”๐‘–๐‘™๐‘Ž๐‘›๐‘ก ๐ด๐ผ ๐‘‘๐‘’๐‘“๐‘’๐‘›๐‘ ๐‘’๐‘ , ๐‘ก๐‘œ ๐‘๐‘’ ๐‘๐‘Ÿ๐‘’๐‘Ž๐‘ก๐‘’๐‘‘.

In the current world, where Generative AI can pentest systems and move faster than a human can react, one lesson stands out: “Systems that rely on security through obscurity can never be truly secure.”

Just to be clear: although I am talking about AI above, this finding was before GenAI took off. My goal is to bring awareness to this now so that security teams start fighting AI with AI.

—– Back to the post —–

๐Š๐ž๐ฒ ๐๐จ๐ข๐ง๐ญ๐ฌ:
๐Ÿ”น Attackers exploited a remote code execution vulnerability (CVE-2023-41990) in Apple’s ADJUST TrueType font instruction, remaining undetected by users.

🔹 The attack involved return/jump-oriented programming, multiple stages, and an obfuscated JavaScript exploit with around 11,000 lines of code.

🔹 Vulnerabilities in XNU’s memory mapping syscalls (CVE-2023-32434) and hardware memory-mapped I/O registers were crucial in obtaining read/write access to the device’s entire physical memory.

🔹 The attack chain concluded with the exploitation of CVE-2023-32435 through a Safari exploit, executing shellcode and obtaining root privileges to load spyware.

🔹 Researchers emphasize the mystery surrounding CVE-2023-38606 and invite iOS security researchers to contribute insights, highlighting the insecurity of systems that rely on “security through obscurity.”

The researchers plan to delve deeper into each vulnerability in 2024.


๐—ก๐—ผ๐˜๐—ถ๐—ฐ๐—ฒ: The views expressed in this post are my own. The views within any of my posts or articles are not those of my employer or the employers of any contributing experts. ๐—Ÿ๐—ถ๐—ธ๐—ฒ ๐Ÿ‘ this post? Click ๐˜๐—ต๐—ฒ ๐—ฏ๐—ฒ๐—น๐—น icon ๐Ÿ”” for more!


Doug Shannon

Doug Shannon, a top 50 global leader in intelligent automation, shares regular insights from his 20+ years of experience in digital transformation, AI, and self-healing automation solutions for enterprise success.