Tag Archive for: iPhone’s

Researchers Reveal “Most Sophisticated” iMessage Exploit Targeting iPhones


Recently, the 37th Chaos Communication Congress took place in Hamburg, Germany. A team of security researchers including Boris Larin of the Moscow-based security firm Kaspersky, Leonid Bezvershenko, and Georgy Kucherin presented at the congress. They uncovered a series of zero-day vulnerabilities in iPhones that were exploited through iMessage. Their “Operation Triangulation” presentation was the first public disclosure of these vulnerabilities and of how they were exploited.

Beware! Researchers Found iMessage Exploit

Reports say that the attack, which is highly refined in its execution, starts with a seemingly harmless iMessage attachment. The attachment exploits CVE-2023-41990, a vulnerability in an undocumented TrueType font instruction, and sets off a chain of events with no observable sign to the user. The exploit uses advanced techniques, including return/jump-oriented programming and a multi-stage JavaScript exploit, to gain deep access to the device’s system.

For those unfamiliar with the term, a “zero-day exploit” takes advantage of a secret way into a program or system that nobody else knows about. In Apple’s case, even the people who made the software did not know about it, so there is no protection against it yet. The name “zero-day” means that the makers of the program have had zero days to fix the problem, because they only just found out about it.

The researchers also disclosed how the attack exploits the JavaScriptCore debugging feature and an integer overflow vulnerability (CVE-2023-32434) to gain read/write access to the entire physical memory of the device from user level. This allows the attackers to bypass the Page Protection Layer (PPL).

Apple patched these vulnerabilities in iOS and iPadOS 15.7.8 for older devices and in iOS and iPadOS 16.6. The presentation also highlighted the exploit’s support for both older and newer iPhone models, including a Pointer Authentication Code (PAC) bypass for the latest models. The exploit’s sophistication is further evidenced by its use of hardware memory-mapped I/O (MMIO) registers.


The jig is up: Flipper Zero can no longer crash iPhones running iOS 17.2


December could very well be security month at Apple with the launch of Stolen Device Protection, the shuttering of Beeper Mini, and now, the stealthy fix to a Bluetooth exploit that has been wreaking havoc for iPhone and iPad users since its discovery in September.

Flipper Zero is no match for iOS 17.2

First pointed out by ZDNet, 9to5Mac can confirm that Apple has finally implemented safeguards in iOS 17.2 to prevent Flipper Zero devices from sending nearby iPhones and iPads into never-ending denial of service (DoS) loops.

Out of the box, Flipper Zero is a pretty harmless pen-testing tool. However, since the device is open source, it can be modified with third-party firmware (in this case, Xtreme) that provides a Bluetooth Low Energy (BLE) spam app.

Using a flaw in the BLE pairing sequence, the app can send nearby devices an overwhelming number of Bluetooth connection notifications, causing them to freeze up and reboot. It’s a process that takes about five minutes, or what I can imagine feels like an eternity for an unsuspecting victim.

With a radio range of about 50 meters (~164 feet), threat actors have reportedly used malicious Flipper Zero devices to pull off undetected DoS attacks on trains, coffee shops, and concert venues.

Image: Flipper Zero device running Xtreme third-party firmware imitating an AirPods pairing request

What could iOS 17.2’s new safeguards be? When running a Flipper Zero against my own devices, I’ve found that a few pesky popups still appear before they stop completely. This could point to a new timeout on advertising (ADV) packet requests that Apple has implemented. However, we may never know.

To update your iPhone or iPad to iOS 17.2, head to Settings > tap General > Software Update.


Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones


Apple announced on Thursday that its latest operating system updates patch three new zero-day vulnerabilities. Judging by the previous work of the organizations credited with reporting the flaws, they have likely been exploited by a spyware vendor.

The zero-days are tracked as CVE-2023-41991, which allows a malicious app to bypass signature verification; CVE-2023-41992, a kernel flaw that allows a local attacker to elevate privileges; and CVE-2023-41993, a WebKit bug that can be exploited for arbitrary code execution by luring the targeted user to a malicious webpage.

Apple patched some or all of these vulnerabilities in Safari, iOS and iPadOS (including versions 17 and 16), macOS (including Ventura and Monterey), and watchOS.

It’s worth noting that while each of these operating systems is impacted by the zero-days, Apple said it’s only aware of active exploitation targeting iOS versions before 16.7.

Apple has not shared any information about the attacks exploiting the new vulnerabilities. However, considering that they were reported to the tech giant by researchers at the University of Toronto’s Citizen Lab group and Google’s Threat Analysis Group, they have likely been exploited by a commercial spyware vendor to hack iPhones. 

Citizen Lab and Apple recently investigated attacks involving a zero-day identified as CVE-2023-41064. That security hole, part of a zero-click exploit named BlastPass, was used to deliver the NSO Group’s notorious Pegasus spyware to iPhones.

In an attack investigated by Citizen Lab, the spyware was delivered to an employee at an international civil society organization based in Washington DC. 


CVE-2023-41064 impacts the WebP image format. The affected library is also used in the Chrome and Firefox web browsers, and Google and Mozilla were also forced to release emergency updates to address the zero-day, which they track as CVE-2023-4863.


Security expert warns of device that can spam iPhones with popup notifications


Technology can be a wonderful thing. But it can also be used for nefarious ends. In a tweet, a security and infosec expert showcased the power of a small iPhone hacking device capable of spamming nearby devices with different popup notifications.

The device in question is called the Flipper Zero. It essentially works by spoofing devices like Apple’s AirTags, AirPods Pro, and even new contacts. This effectively launches a DDoS notification attack on any iOS device in the area, rendering it nonfunctional.

This particular iPhone hacking device has apparently been used as part of an ongoing “prank” against iPhone users, and Techryptic, the infosec expert behind the new warnings, has called for Apple to consider implementing safeguards to mitigate the risks.

“What’s the purpose of posting this?” Techryptic’s tweet begins, “It has the capability to effectively launch a DDOS notification attack on any iOS device, rendering it nonfunctional. Even if the device is in airplane mode, it’s still susceptible. Apple should consider implementing safeguards to mitigate.”

Techryptic also included several videos of the device in action on Twitter, and it’s clear how easily something like this could be abused. And, since it sends these notifications even when the device is in airplane mode, there doesn’t appear to be any way to stop it until you move away from the iPhone hacking device, or the person with the device stops it.

Obviously, it is very easy to see why something like this could be considered nefarious. While it might not necessarily steal your information, it leads to other issues – most notably, hindering your ability to use the product. Considering the legal ramifications behind initiating a DDoS attack, this isn’t something to play around with.

Hopefully, we see Apple address this issue in the future. A new security measure to stop something like this from happening would be ideal in a future OS update, such as iOS 17.