Generative Data Intelligence

'Operation Triangulation' Spyware Attackers Bypass iPhone Memory Protections


A previously undocumented hardware feature within the Apple iPhone System on a Chip (SoC) permits the exploitation of multiple vulnerabilities, ultimately allowing attackers to bypass hardware-based memory protection.

The vulnerability plays a critical role in the zero-click "Operation Triangulation" advanced persistent threat (APT) campaign, according to a report from Kaspersky's Global Research and Analysis Team (GReAT).

The Operation Triangulation iOS cyberespionage campaign has been active since 2019 and has used multiple vulnerabilities as zero-days to bypass security measures on iPhones, posing a persistent risk to users' privacy and security. Targets have included Russian diplomats and other officials there, as well as private enterprises such as Kaspersky itself.

In June, Kaspersky released a report providing further details on the TriangleDB spyware implant used in the campaign, highlighting numerous unique capabilities, for example disabled features that could be deployed in the future.

This week, the team presented its latest findings at the 37th Chaos Communication Congress in Hamburg, Germany, calling it "the most sophisticated attack chain" it had yet seen used in this operation.

The zero-click attack targets the iPhone's iMessage app, aimed at iOS versions up to iOS 16.2. When it first appeared, it exploited four zero-days through complex layers of attack.

Inside the 'Operation Triangulation' Zero-Click Mobile Attack

The attack begins innocuously, as the malicious actors send an iMessage attachment that exploits the remote code execution (RCE) vulnerability CVE-2023-41990.

This exploit targets the undocumented ADJUST TrueType font instruction, found only on Apple platforms, which had existed since the early 1990s before a subsequent patch.

The attack sequence then goes deeper, using return/jump-oriented programming and the NSExpression/NSPredicate query language stages to manipulate the JavaScriptCore library.

The attackers embedded a privilege escalation exploit in JavaScript, carefully obfuscated to hide its contents, comprising approximately 11,000 lines of code.

This complex JavaScript exploit manipulates JavaScriptCore memory and executes native API functions through the JavaScriptCore debugging feature DollarVM ($vm).

By exploiting an integer overflow vulnerability tracked as CVE-2023-32434 within XNU's memory-mapping syscalls, the attackers then gain unprecedented read/write access to the device's physical memory at the user level.

Moreover, they deftly bypass the Page Protection Layer (PPL) using hardware memory-mapped I/O (MMIO) registers, a related vulnerability exploited as a zero-day by the Operation Triangulation group but ultimately designated CVE-2023-38606 by Apple.

Having penetrated the device's defenses, the attackers exercise discretionary control by launching the IMAgent process, injecting a payload to clear any traces of exploitation.

Subsequently, they launch an invisible Safari process redirected to a Web page that hosts the next stage of exploitation.

The Web page performs victim verification and, on successful authentication, triggers a Safari exploit, using CVE-2023-32435 to execute shellcode.

This shellcode activates another kernel exploit in the form of a Mach object file, leveraging the same two CVEs used in the earlier stages (CVE-2023-32434 and CVE-2023-38606).

Once they have obtained root privileges, the attackers orchestrate additional stages, ultimately installing the spyware.
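The integer overflow class named in the paragraph above is a length/address arithmetic bug: a bounds check computes `addr + size`, the sum wraps around, and an oversized request passes as if it were small. The following C snippet is an added, illustrative example written for this page; it is not XNU code and not the CVE-2023-32434 bug itself. The user-space limit, the function names and the sample ranges are all constructed for the demonstration; it shows the unchecked pattern next to a hardened check that detects the wrap explicitly.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed upper bound of a hypothetical user-space window [0, USER_LIMIT).
 * This is an assumption for the example, not a real iOS or XNU value. */
#define USER_LIMIT 0x0000000800000000ULL

/* Vulnerable pattern: addr + size is computed in 64-bit arithmetic and may
 * wrap to a small value, so a huge size passes the check and a caller could
 * map a range far outside the intended window. */
bool range_ok_unchecked(uint64_t addr, uint64_t size) {
    uint64_t end = addr + size;          /* wraps silently on overflow */
    return addr < USER_LIMIT && end <= USER_LIMIT;
}

/* Hardened pattern: reject a zero-length range and detect the wrap-around
 * with __builtin_add_overflow (GCC/Clang) before comparing against the bound. */
bool range_ok_checked(uint64_t addr, uint64_t size) {
    uint64_t end;
    if (size == 0) return false;
    if (__builtin_add_overflow(addr, size, &end)) return false;  /* wrapped */
    return addr < USER_LIMIT && end <= USER_LIMIT;
}

int main(void) {
    /* Constructed attacker-style input: addr inside the window, size chosen so
     * that addr + size wraps to 0x1000, which is below USER_LIMIT. */
    uint64_t addr = 0x10000;
    uint64_t size = 0xFFFFFFFFFFFF1000ULL;
    printf("wrapping request  unchecked=%d checked=%d\n",
           range_ok_unchecked(addr, size), range_ok_checked(addr, size));
    /* A normal 4 KiB request is accepted by both versions. */
    printf("normal request    unchecked=%d checked=%d\n",
           range_ok_unchecked(addr, 0x1000), range_ok_checked(addr, 0x1000));
    return 0;
}
```

The unchecked version accepts the wrapping request because its computed end (0x1000) lies under the limit; the checked version refuses it. The same shape of check applies to any kernel or firmware interface that derives an end address from a caller-supplied base and length.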

Growing Sophistication in iPhone Cyberattacks

The report noted that the complex, multi-stage attack demonstrates an unprecedented level of sophistication, exploiting a range of vulnerabilities across iOS devices and raising concerns about the evolving cyber-threat landscape.

Boris Larin, principal security researcher at Kaspersky, explains that the new hardware vulnerability is possibly based on the principle of "security through obscurity," and may have been intended for testing or debugging.

"After the initial zero-click iMessage attack and subsequent privilege escalation, the attackers used this feature to bypass hardware-based protection and manipulate the contents of protected memory regions," he says. "This step was crucial for obtaining full control of the device."

He adds that, to the Kaspersky team's knowledge, this feature was not publicly documented and is not used by the firmware, which presents a significant challenge to its detection and analysis using conventional security methods.

"When it comes to iOS devices, due to the closed nature of these systems, it is really difficult to detect such attacks," Larin says. "The only detection methods available for these are to perform network traffic analysis and forensic analysis of device backups made with iTunes."

He explains that, by contrast, macOS desktop and laptop systems are much more open, and therefore more effective detection methods are available for them.

"On these devices you are able to install endpoint detection and response (EDR) solutions that can help in detecting such attacks," Larin notes.

He recommends that defense teams update their operating systems, applications, and antivirus software regularly; patch any known vulnerabilities; and give their SOC teams access to the latest threat intelligence.

"Use EDR solutions for endpoint-level detection, investigation, and timely remediation of incidents, reboot daily to disrupt persistent infections, disable iMessage and FaceTime to reduce the risk of zero-click exploitation, and promptly install iOS updates to protect against known vulnerabilities," Larin adds.
