Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.
Basically they found out that anyone who knows how this work can send you an iMessage with an attachment that won’t show up on your end without the need of your interaction and do whatever they want on your iphone.
What the other dude said, but the level of sophistication was miles beyond what you typically see from even nation states. The takeaway is you cannot defend yourself from a nation that wants your information.
Someone figured out a way that could hijack iMessage through sending a special malicious PDF that took advantage of a flaw in some legacy font rendering code unique to Apple, that even Apple hadn’t used in decades.
Then, that PDF launched a JavaScript debugger that is built into iPhones, and took advantage of a flaw in that to jump into putting some code into the parts of user memory, that the system doesn’t fully trust.
Then, that code takes advantage of another flaw to bypass the system’s protections for not fully trusting that code, to secretly launch a web browser and navigate to a secret webpage that runs a much bigger piece of malware.
That malware can read and modify basically anything on the system, and was used to read all sorts of sensitive data: message history, location information, app data, etc.
Because the whole exploit chain was so advanced and involved so many different previously unknown vulnerabilities, basically the list of possible suspects is very, very short: some kind of nation state with advanced hacking capabilities.
Can someone much smarter than I am, explain like I’m a toddler?
Basically they found out that anyone who knows how this work can send you an iMessage with an attachment that won’t show up on your end without the need of your interaction and do whatever they want on your iphone.
P.S. I’m not smart nor I’m an expert.
What the other dude said, but the level of sophistication was miles beyond what you typically see from even nation states. The takeaway is you cannot defend yourself from a nation that wants your information.
Well, it certainly helps when that nation gets to build hardware backdoors into the stuff you buy.
Iirc lockdown mode would prevent this exploit from working
Someone figured out a way that could hijack iMessage through sending a special malicious PDF that took advantage of a flaw in some legacy font rendering code unique to Apple, that even Apple hadn’t used in decades.
Then, that PDF launched a JavaScript debugger that is built into iPhones, and took advantage of a flaw in that to jump into putting some code into the parts of user memory, that the system doesn’t fully trust.
Then, that code takes advantage of another flaw to bypass the system’s protections for not fully trusting that code, to secretly launch a web browser and navigate to a secret webpage that runs a much bigger piece of malware.
That malware can read and modify basically anything on the system, and was used to read all sorts of sensitive data: message history, location information, app data, etc.
Because the whole exploit chain was so advanced and involved so many different previously unknown vulnerabilities, basically the list of possible suspects is very, very short: some kind of nation state with advanced hacking capabilities.