Kaspersky’s Global Research and Analysis Team (GReAT) has exposed a previously unknown “feature” in Apple iPhones that allowed malware to bypass hardware-based memory protection.
Tracked as CVE-2023-38606 and patched in July 2023, the issue affected iPhones running iOS versions up to 16.6, the cybersecurity outfit said this week.
Kaspersky reckons the hardware feature (technical details here) may have been intended for testing or debugging. Yeah, hopefully that. Certainly, the GReAT gang couldn’t find any public documentation on it, which meant the attack vector proved tricky to detect and analyze using the team’s usual tools when miscreants came to exploit the hole.