In a startling revelation, cybersecurity researchers have uncovered a sophisticated method to hack iPhones using just a single message, putting countless users at potential risk. Utilizing four newly discovered zero-day vulnerabilities, attackers have found a way to infiltrate devices via iMessage.
This new form of assault, detailed by Kaspersky researchers in their latest study, exposes the precariousness of iPhone security. The group behind this attack, dubbed “Operation Triangulation“, executes a complex multi-stage attack chain to penetrate the device’s defenses.
The Triangulation group exploits a flaw in Apple’s font rendering system through iMessage, sending messages laden with malicious code. Once inside, the attackers elevate their privileges and gain system-level access by circumventing various security measures on the iPhone. They manipulate memory and bypass page protection layers added in iOS 16 by exploiting vulnerabilities in the Bionic chip.
U.S. Cybersecurity and Infrastructure Security Agency identifies six new vulnerabilities. Immediate action advised to prevent exploitation.
Interestingly, researchers and even Apple engineers involved in the study admitted unfamiliarity with the zero-day vulnerabilities used in the attack. However, Apple has not neglected to release updates to address these vulnerabilities.
While the attack is alarmingly sophisticated, it’s worth noting that it primarily affects iOS 16.6 or older systems. If you’ve updated your device to iOS 17, you’re likely safe from this particular threat, indicating that most iPhones remain secure against this specific vulnerability.
