Apple Inc.'s AAPL iPhones were targeted by malicious parties for four years using the "most sophisticated attack chain" ever seen by cybersecurity researchers at Kaspersky.
What Happened: Hackers exploited an advanced iMessage vulnerability using four zero-day exploits over the course of four years between 2019 and 2022, according to details revealed by Kaspersky.
Initially discovered in June 2023, the security firm has now revealed more details about how this iPhone backdoor campaign was carried out and which iPhones and iOS versions were affected.
While the research firm says it has observed over 30 zero-day exploits in products and services from Adobe, Apple, Google, and Microsoft, this iPhone backdoor is "the most sophisticated attack chain we have ever seen."
A zero-day is a vulnerability that is not known to the owners or makers of the product or service. In this case, Apple was unaware of four zero-days affecting iMessage between 2019 and 2022.
Apple fixed these vulnerabilities in iOS 16.2 that was released in December 2022. The company has also added an additional layer of hardware security in recent iPhones to prevent hackers from obtaining full control of the device, the research firm said.
"Our guess is that this unknown hardware feature was most likely intended to be used for debugging or testing purposes by Apple engineers or the factory, or that it was included by mistake," Kaspersky said, seeking help from iOS security researchers to decode a vulnerability that remains a mystery for now.
Why It Matters: Apple's iMessage has been a vector of attacks by malicious parties for a while now.
One of the most prominent and advanced attacks, Pegasus, used a zero-day in iMessage to allow hackers to access the microphone, camera and other features of victims' iPhones.
Google's Project Zero team of security researchers called it "one of the most technically sophisticated exploits we've ever seen."
Image Credits – Shutterstock
Check out more of Benzinga’s Consumer Tech coverage by following this link.
Read Next: How To Turn On Apple’s Stolen Device Protection On Your Shiny New iPhone
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Comments
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.