Security News > 2024 > January > New iPhone Exploit Uses Four Zero-Days

Kaspersky researchers are detailing "An attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky." It's a zero-click exploit that makes use of four iPhone zero-days.
It uses return/jump oriented programming and multiple stages written in the NSExpression/NSPredicate query language, patching the JavaScriptCore library environment to execute a privilege escalation exploit written in JavaScript.
After exploiting all the vulnerabilities, the JavaScript exploit can do whatever it wants to the device including running spyware, but the attackers chose to: launch the IMAgent process and inject a payload that clears the exploitation artefacts from the device; run a Safari process in invisible mode and forward it to a web page with the next stage.
The Safari exploit uses CVE-2023-32435 to execute a shellcode.
The shellcode executes another kernel exploit in the form of a Mach object file.
The exploit obtains root privileges and proceeds to execute other stages, which load spyware.
News URL
https://www.schneier.com/blog/archives/2024/01/new-iphone-exploit-uses-four-zero-days.html
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- Apple backports zero-day patches to older iPhones and Macs (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- ⚡ Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More (source)
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)
- Enterprise tech dominates zero-day exploits with no signs of slowdown (source)
- ⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-23 | CVE-2023-32435 | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved state management. | 8.8 |