Researchers Reveal “Most Sophisticated” iMessage Exploit Targeting iPhones

Recently, the 37th Chaos Communication Congress took place in Hamburg, Germany. A team of cybersecurity experts, including Boris Larin from Moscow-based security firm Kaspersky, Leonid Bezvershenko, and Georgy Kucherin were part of the congress. They uncovered a series of zero-day vulnerabilities in iPhones, exploited through iMessage. This “Operation Triangulation” presentation marked the first public revelation of these susceptibilities and their exploitation methods.

Beware! Researchers Found iMessage Exploit

Reports claim that the attack, refined in its execution, starts with a seemingly harmless iMessage attachment. After that, the iMessage attachment exploits CVE-2023-41990. It is a vulnerability in an undocumented TrueType font instruction. Moreover, it also triggers a chain of events without any observable signs to the user. The exploit uses advanced techniques, including return/jump-oriented programming and a multi-staged JavaScript exploit, to achieve deep access to the device’s system.

For all those unaware, a “zero-day exploit” is similar to finding a secret way into a computer program or any system that nobody else knows about. In the case of Apple, even the people who made the program do not know about it. It is pertinent to mention here that there is no protection against it yet. The name “zero-day” means that the program makers have had zero days to resolve the problem because they just found out about it.

The researchers also disclosed how the attack exploits the JavaScriptCore debugging feature and an integer overflow vulnerability (CVE-2023-32434) to get read/write access to the entire physical memory of the machine at the user level. This strategy allows the hackers to bypass the Page Protection Layer (PPL).

It’s pertinent to mention that these exploits were patched by Apple’s iOS software updates with iOS and iPadOS 15.7.8 for older devices and 16.6. The presentation also highlighted the exploit’s ability to support older and newer iPhone models, including a Pointer Authentication Code (PAC) bypass for the latest models. The exploit’s sophistication is further evidenced by its use of hardware memory-mapped I/O (MMIO) registers.