Security of Apple’s iPhone software between 2019 and 2022 compromised by a serious security vulnerability It’s available in the iOS Messages app. Kaspersky security researchers discovered a hacker attack they called “Operation Triangulation” whose complexity caught their attention.

Kaspersky is one of the most important multinational cybersecurity companies in history and is currently Three security experts wanted to remember how this system works The most sophisticated hacker attack on iPhone.

This attack apparently exploited a vulnerability by executing a series of chained operations to bypass the iPhone’s security measures. We explain this to you below.

This is how the most complex hacker attack on the iPhone took place

Boris Larin, Leonid Bezvershenko and Georgy Kucherin During the CAOS Congress, we made a presentation explaining how “Operation Triangulation” works. Apparently it happened Kaspersky researchers publicly disclose details of security vulnerabilities for the first time These were used in the attack on iMessage.

It all started with a seemingly harmless PDF file sent via MessagesA series of automatic actions took place that spread throughout Safari and gave way to malware.

Operation Triangulation Process

This is a summary of the most complex attack process on Apple’s iPhone in history:

• Sends an offensive message malicious attachment Via the Messages app.
• The application processes: PDF file without displaying any dangerous signals to the user.
• Attached file executes remote code to bypass security vulnerability CVE-2023-41990.
• The code executed an upgrade exploit written in Javascript, which included: 11,000 lines of code.
• This Javascript exploit was run An invisible process in Safari This led to a web page that authenticated the victim and ran a different exploit to gain privileges and install spyware.

Apple operating systems are known for offering the best security on the market. But sometimes, Hackers find vulnerabilities in the system To carry out processes like this complex hacking attack. Fortunately, Apple has already fixed this vulnerability with iOS 16.2; If you have installed this software update or a newer version, there is no need to fear.

We recently discovered that the tiny Flipper Zero device continued to block the iPhone in beta versions of iOS, but Apple quickly fixed this vulnerability related to Bluetooth connectivity.