A previously undocumented hardware feature within Apple’s iPhone System on a Chip (SoC) allows for exploitation of multiple vulnerabilities, eventually letting attackers bypass hardware-based memory protection.
The vulnerability plays a central role in the sophisticated advanced persistent threat (APT) “Operation Triangulation” zero-click campaign, according to a report from Kaspersky’s Global Research and Analysis Team (GReAT).
The Operation Triangulation iOS cyberespionage spy campaign has existed since 2019 and has utilized multiple vulnerabilities as zero-days to bypass security measures in iPhones, posing a persistent risk to users’ privacy and security. Targets have included Russian diplomats and other officials there, as well as private enterprises such as Kaspersky itself.
In June, Kaspersky released a report offering additional details on the TriangleDB spyware implant used in the campaign, highlighting numerous unique capabilities, for example disabled features that could be…