Operation Triangulate: Casually 0-click pwning iOS with undocumented hardware registers

Syonyk · December 27, 2023, 10:43pm

I… uh… well, you know that image of the security researcher sort gibbering quietly and incoherently in the corner after Meltdown/Spectre/Foreshadow/etc all came out, because the hardware wouldn’t hold secrets?

The latest (discovered/discussed…) iOS exploit is the sort of thing that makes you want to do exactly the same thing.

From someone on Twitter:

Yup. Anyway.

Operation Triangulation: The last (hardware) mystery | Securelist is an overview of the undocumented GPU debug hardware registers used to just casually waltz past page table protections and such by writing physical addresses.

Operation Triangulation | Securelist is a list of other related posts on this bit of malware.

https://arstechnica.com/security/2023/12/exploit-used-in-mass-iphone-infection-campaign-targeted-secret-hardware-feature/ is Dan Goodin’s quite accessible writeup on the matter.

But I’ll just quote their description of the exploit chain here. You may want to sit down.

Here is a quick rundown of this 0-click iMessage attack, which used four zero-days and was designed to work on iOS versions up to iOS 16.2.

Attackers send a malicious iMessage attachment, which the application processes without showing any signs to the user.

This attachment exploits the remote code execution vulnerability CVE-2023-41990 in the undocumented, Apple-only ADJUST TrueType font instruction. This instruction had existed since the early nineties before a patch removed it.

It uses return/jump oriented programming and multiple stages written in the NSExpression/NSPredicate query language, patching the JavaScriptCore library environment to execute a privilege escalation exploit written in JavaScript.

This JavaScript exploit is obfuscated to make it completely unreadable and to minimize its size. Still, it has around 11,000 lines of code, which are mainly dedicated to JavaScriptCore and kernel memory parsing and manipulation.

It exploits the JavaScriptCore debugging feature DollarVM ($vm) to gain the ability to manipulate JavaScriptCore’s memory from the script and execute native API functions.

It was designed to support both old and new iPhones and included a Pointer Authentication Code (PAC) bypass for exploitation of recent models.

It uses the integer overflow vulnerability CVE-2023-32434 in XNU’s memory mapping syscalls (mach_make_memory_entry and vm_map) to obtain read/write access to the entire physical memory of the device at user level.

It uses hardware memory-mapped I/O (MMIO) registers to bypass the Page Protection Layer (PPL). This was mitigated as CVE-2023-38606.

After exploiting all the vulnerabilities, the JavaScript exploit can do whatever it wants to the device including running spyware, but the attackers chose to: (a) launch the IMAgent process and inject a payload that clears the exploitation artefacts from the device; (b) run a Safari process in invisible mode and forward it to a web page with the next stage.

The web page has a script that verifies the victim and, if the checks pass, receives the next stage: the Safari exploit.

The Safari exploit uses CVE-2023-32435 to execute a shellcode.

The shellcode executes another kernel exploit in the form of a Mach object file. It uses the same vulnerabilities: CVE-2023-32434 and CVE-2023-38606. It is also massive in terms of size and functionality, but completely different from the kernel exploit written in JavaScript. Certain parts related to exploitation of the above-mentioned vulnerabilities are all that the two share. Still, most of its code is also dedicated to parsing and manipulation of the kernel memory. It contains various post-exploitation utilities, which are mostly unused.

The exploit obtains root privileges and proceeds to execute other stages, which load spyware. We covered these stages in our previous posts.

AAAAAAGH.

It’s got just about everything you could want in a spy novel grade exploit. PAC bypass. Unknown hardware registers to bypass [everything]. Chains of vulnerabilities. And, of course, it starts off with an iMessage 0click 0day in some weird-ass Apple-only legacy extension from the 90s.

My advice? Enable Lockdown if you have it, then shut your phone off, put it in a Faraday bag, and kiss your ass goodbye.

This is the state of modern computing security, in glorious, high definition detail: “Oh. You’re fucked. Sorry.”

kjw · December 30, 2023, 2:45pm

Yikes! “The exploit targets Apple A12-A16 Bionic SoCs” found not only in iPhones, but also Apple TV, Apple Studio Display (a monitor featuring “Hey Siri”; an IoT device), iPads, MacBooks, and likely other products **1 not yet documented.

Silicon bugs will be with us for years, probably decades!

**1 - Apple silicon - Wikipedia

Syonyk · December 30, 2023, 9:39pm

… the monitor is… oh my. Dear future, I’d like to get off!

The good news is that at least it’s fairly easy to block these registers - they added a “deny” bit to the device tree blob, though at some point if you’ve already got some kernel execution I’m not sure how much this helps.

Anyway, it’s fine. This is all fine. Computers are in everything, so what choice do we have?