Exploiting Apple SoC Hardware Feature: The Intricate Attacks on Kaspersky Employees’ iPhones

A hardware feature present in an Apple system-on-a-chip (SoC) was recently exploited in a series of attacks targeting the iPhones of Kaspersky senior employees. These attacks successfully bypassed Apple’s protections and installed sophisticated spyware on the compromised devices, raising concerns about the vulnerabilities in the iOS ecosystem.

Exploitation of iOS Zero-Day Vulnerabilities

In a highly coordinated campaign, the attackers exploited multiple iOS zero-day vulnerabilities. Their main objective was to execute arbitrary code and install spyware on the targeted iPhones. These zero-day vulnerabilities, which were previously unknown and had no available patches, allowed the attackers to gain unauthorized access to the devices.

Introduction to TriangleDB Spyware Implant

The spyware implant used in these attacks, dubbed TriangleDB, was specifically designed to remain stealthy and undetectable. Its infection chain involved a series of checks and log-erasing actions, making it challenging to identify and remove the malware. TriangleDB effectively flew under the radar, enabling the attackers to maintain persistent access to the compromised iPhones.

Apple’s Response and Patch Deployment

Responding swiftly, Apple released patches to address three of the exploited vulnerabilities in June and July. Importantly, Apple stated that these vulnerabilities were only exploitable on iOS versions before iOS 15.7. While this brought some relief, it also highlighted the critical need for users to keep their devices updated with the latest security patches.

Details of the Attack Methodology

The initial attack vector involved the delivery of malicious iMessage attachments. These attachments contained a remote code execution (RCE) zero-day exploit that enabled the deployment of TriangleDB without any user interaction. The attackers leveraged the flaw to discreetly infiltrate the targeted iPhones.

Exploitation of Additional Zero-Day Flaws

In addition to the RCE zero-day, two other zero-day vulnerabilities were exploited in the infection chain. One of these vulnerabilities resided in the Apple-only ADJUST TrueType font instruction, paving the way for the attackers to bypass hardware-based security protections. The other zero-day flaw, CVE-2023-38606, held particular interest due to its exploitation of hardware memory-mapped I/O (MMIO) registers.

Focus on CVE-2023-38606

CVE-2023-38606 allowed attackers to exploit JavaScript and utilize hardware MMIO registers to bypass the Page Protection Layer (PPL), a crucial security measure. Importantly, the MMIO registers used in the attack did not belong to the known MMIO ranges of peripheral devices in Apple products, as defined and stored in the DeviceTree file format. This raised questions about the purpose and origin of this unknown hardware feature.

Identification of the MMIO Registers’ Origin

Further analysis by Kaspersky revealed that the targeted MMIO registers belonged to the GPU coprocessor. By abusing these registers, the attackers gained the ability to write to memory, bypass existing security protections, and achieve remote code execution (RCE). The involvement of the GPU coprocessor added an intriguing layer of sophistication to the attack.

Abusing the GPU Coprocessor to Achieve Remote Code Execution (RCE)

Exploiting the GPU coprocessor’s registers allowed the attackers to execute code and manipulate memory, providing them with a pathway to take control of the compromised iPhones. By leveraging this previously unknown hardware feature, the attackers bypassed Apple’s defenses and successfully achieved their objective of installing TriangleDB and carrying out reconnaissance on the targeted victims.

Unanswered Questions Regarding the Unknown Hardware Feature

The discovery of this unknown hardware feature raises numerous unanswered questions. Its purpose, origin, and potential implications remain poorly understood. This abnormal vulnerability has prompted further investigation by security researchers and Apple to comprehend its inner workings and determine the necessary remediation measures.

The sophisticated attacks targeting Kaspersky senior employees’ iPhones revealed the abuse of a hardware feature inherent in Apple’s SoC. By exploiting multiple iOS zero-day vulnerabilities and utilizing the GPU coprocessor’s registers, the attackers successfully bypassed protections, installed spyware, and gained control over the compromised devices. This incident underscores the importance of continuous vigilance and regularly updating devices with security patches to mitigate the risks posed by emerging threats in the ever-evolving landscape of mobile security.

Explore more

Digital Marketing’s Evolution on Entertainment Platforms 2025

In 2025, the landscape of digital marketing on entertainment platforms has undergone significant transformations, reshaping strategies to accommodate evolving consumer behaviors and technological advancements. Marketers face the challenge of devising approaches that align with demands for personalized, engaging content. From innovative techniques to emerging trends, the domain of digital marketing is being redefined by these shifts. The rise in mobile

How Will Togo’s Strategy Shape Digital Future by 2030?

Togo is embarking on an ambitious journey to redefine its digital landscape and solidify its position as a leader in digital transformation within the African continent. As part of the Togo Digital Acceleration Project, the country is extending its Digital Togo 2025 Strategy to encompass a broader vision that reaches 2030. This strategy is intended to align with Togo’s growth

Europe’s Plan to Lead the 6G Revolution by 2030

In a bold vision to shape the next era of wireless communications, Europe has set an ambitious plan to lead the 6G technology revolution by 2030, aligning with the increasing global demand for high-speed, intelligent network systems. As the world increasingly relies on interconnected digital landscapes, Europe’s strategy marks a crucial shift toward innovation, collaboration, and a sustainable approach to

Is Agentic AI Transforming Financial Decision-Making?

The financial landscape is witnessing an impressive revolution as agentic AI firmly establishes itself as a game-changer in decision-making processes. This AI allows for autonomous operations and supports executive decisions by understanding complex data and executing tasks without human intervention. Recent surveys indicate a dramatic projection: agentic AI usage among finance leaders is expected to climb sharply over the next

Are Cobots the Future of Industrial Automation?

The fast-paced evolution of technology has ushered in a new era of industrial automation, sparking significant interest and discussion about cobots, or collaborative robots. Cobots are transforming industries by offering a flexible, cost-effective, and user-friendly alternative to traditional industrial robotics. Unlike their larger, more imposing predecessors, these sophisticated robotic arms are designed to work seamlessly alongside human operators, broadening the