Security News > 2023 > December > Kaspersky reveals previously unknown hardware 'feature' exploited in iPhone attacks

Kaspersky reveals previously unknown hardware 'feature' exploited in iPhone attacks
2023-12-28 15:50

Kaspersky's Global Research and Analysis Team has exposed a previously unknown 'feature' in Apple iPhones that allows attackers to bypass hardware-based memory protection.

Kaspersky reckons the hardware feature might have been intended for testing or debugging.

According to Kaspersky, "The attackers leveraged this hardware feature to bypass hardware-based security protections and manipulate the contents of protected memory regions."

"This is no ordinary vulnerability," said Boris Larin, Principal Security Researcher at Kaspersky's GReAT. "Due to the closed nature of the iOS ecosystem, the discovery process was both challenging and time-consuming, requiring a comprehensive understanding of both hardware and software architectures. What this discovery teaches us once again is that even advanced hardware-based protections can be rendered ineffective in the face of a sophisticated attacker, particularly when there are hardware features allowing to bypass these protections."

Kaspersky informed Apple about the exploitation of the hardware feature, which was swiftly mitigated.

As Larin observed, all the hardware protections in the world won't help if somebody leaves in an undocumented something that allows those protections to be bypassed.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/12/28/kaspersky_reveals_previously_unknown_hardware/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Kaspersky 23 0 19 16 6 41