
Learn how the zero-click Operation Triangulation iPhone attack works, how to detect and stop it, and the latest patches to protect your devices.
Zero-Click iPhone Attack Operation Triangulation: How I Decoded a Silent Threat
Published by Brav
TL;DR
- Attack chain began with a PDF that hid a malicious TrueType font.
- No user action was needed – the infection happened silently.
- The chain used three zero-day CVEs: CVE-2023-41990, CVE-2023-32434, and CVE-2023-38606.
- Apple’s iOS 16.6 patch and the iOS 16.3 patch shut down the exploit.
- Detecting the attack requires looking for the backup-agent process and validator logs, and using tools like triangle_check and the emitam proxy.
Why This Matters
I was in the trenches of a security lab when the first screenshots of the Operation Triangulation campaign hit the feeds. Security analysts, CSOs, and iOS developers were stunned. The attack chain was:
- A silent iMessage attachment.
- A malicious PDF that carried a crafted TrueType font.
- Remote code execution (RCE) that dropped a validator.
- Kernel escalation and a hardware bypass that let spyware roam.
The pain points were huge:
- Detection: Zero-click infections leave no obvious signs.
- Removal: Uninstalling the malware without alerting the attacker is nearly impossible.
- Backups: Indicators of compromise can be buried in device backups.
- Privilege escalation: Attackers can climb from user space to kernel space and beyond.
- Persistence: The malware can survive resets and re-installs.
If you’re a security researcher or CSO, missing any of these steps can mean the difference between a quick patch and a full-blown breach.
Core Concepts – The Attack Chain Explained
Picture a silent burglar who can sneak into a house without turning on a light. That’s zero-click. In Operation Triangulation, the burglar began with a PDF file – a common format that you’re used to opening. Inside that PDF was a TrueType font that used an undocumented Apple-only instruction called ADJUST. That instruction was removed by Apple in January 2023, but the attackers had already found it. The font triggered a crash in Apple’s FontParser, giving the attackers a foothold for remote code execution (CVE-2023-41990) – no click required.
Once the attackers had code running in user space, they moved on to the kernel. They leveraged a CVE-2023-32434 integer overflow in the XNU kernel’s memory mapping system, a vulnerability that let them map 18,000 petabytes of memory – more than any iPhone can hold. This was the kernel exploit.
To keep their foothold from being detected, they used a PAC bypass. This trick used the PAC IS instruction – a way to sign pointers – to slip past Apple’s pointer-authentication checks. (The exact mechanics are still being cracked, but the effect was a stealthy jump to kernel mode.)
The final stage was a hardware memory-protection bypass that used unknown MMIO registers. These registers control low-level hardware features. By writing to them with a custom 10-bit hash algorithm (20-bit total), the malware could read and write any memory, even protected kernel pages.
The end result? Spyware that could:
- Record audio even when the screen was off.
- Dump the keychain, contacts, and photos.
- Send data to a C2 server via a WireGuard tunnel, hiding behind a Telegram bot that pushed real-time infection alerts.
All of this happened silently. No pop-ups, no permissions, no obvious signs.
How to Apply It – Practical Defense Steps
I learned a few lessons on how to stop this attack. Here’s a step-by-step guide you can use in your environment.
| Step | Action | Why It Helps |
|---|---|---|
| 1 | Update to iOS 16.6 and iOS 16.3 | The patches close CVE-2023-41990, CVE-2023-32434, and CVE-2023-38606. |
| 2 | Check for the backup-agent process | A running backup_agent is a strong indicator of compromise. |
| 3 | Run the triangle_check utility | It scans for the TriangleDB implant and validator remnants. |
| 4 | Inspect validator logs | Look for deletions of crash logs and any “cydia” or “frida” references. |
| 5 | Block the C2 domain | Apple’s patch uses Cloudflare-protected domains; block them at the network level. |
| 6 | Use the emitam proxy | This custom proxy decrypts payload stages and allows you to monitor traffic. |
| 7 | Educate users | Tell them to be cautious of iMessage attachments, even if the device is up-to-date. |
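As an added example (not code from this post, from Apple, or from triangle_check), here is one way to automate steps 2 and 4 above in Python: it scans log lines for a running backup_agent process, crash-log deletions by the validator, and any “cydia” or “frida” references, then turns the hits into a triage verdict. The log format, the process and path names, and the verdict thresholds are assumptions, and the sample lines are constructed rather than captured from a device.

```python
import re
from dataclasses import dataclass

# Constructed sample lines (not real device output); the "ps:" and
# "validator:" line formats are an assumption made for this example.
SAMPLE_LOG = """\
2023-06-01 10:02:11 ps: pid=412 name=backupd user=mobile
2023-06-01 10:02:12 ps: pid=977 name=backup_agent user=root
2023-06-01 10:02:15 validator: removed /var/mobile/Library/Logs/CrashReporter/FontParser-2023-06-01.ips
2023-06-01 10:02:16 validator: probe /Applications/Cydia.app result=absent
2023-06-01 10:02:16 validator: probe frida-server result=absent
2023-06-01 10:05:40 ps: pid=1020 name=SpringBoard user=mobile
"""

# Each indicator maps to a regex; a line may match more than one indicator.
INDICATORS = {
    # Step 2: a running backup_agent process.
    "backup_agent_process": re.compile(r"\bname=backup_agent\b"),
    # Step 4: the validator deleting crash logs (a FontParser crash would land here).
    "crash_log_deleted": re.compile(r"validator: removed .*CrashReporter.*\.ips"),
    # Step 4: jailbreak-detection probes that mention cydia or frida.
    "jailbreak_probe": re.compile(r"\b(cydia|frida)\b", re.IGNORECASE),
}


@dataclass
class Finding:
    indicator: str
    line_no: int
    line: str


def scan_log(text: str) -> list[Finding]:
    """Return one Finding per (line, indicator) match, in log order."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                findings.append(Finding(name, line_no, line))
    return findings


def verdict(findings: list[Finding]) -> str:
    """Collapse findings into a triage verdict (thresholds chosen for this example)."""
    seen = {f.indicator for f in findings}
    if "backup_agent_process" in seen:
        return "likely_compromised"   # the page treats this as a strong indicator
    if seen:
        return "suspicious"           # validator-style activity without the process
    return "clean"
```

Point `scan_log` at a sysdiagnose or backup-derived process listing once you have adapted the regexes to that source’s real line format.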
Metrics That Matter
- Lines of code in the exploit: 11,000 lines of JavaScript.
- Size of the emitam add-on: 400 lines.
- Number of MD5 hashes used in the Apple-ID check: 40.
These numbers show the scale of the operation. A single malicious PDF can carry a full stack of code that is thousands of lines long.
Pitfalls & Edge Cases
Even with the steps above, there are grey areas:
| Issue | Why It’s a Problem | What to Watch For |
|---|---|---|
| Persistence across device resets | The malware can re-install itself from a backup. | Verify that backups are clean before restoring. |
| Hardware vulnerability scope | The MMIO bypass may affect newer Apple silicon (M1, M2). | Keep an eye on Apple’s advisory for future hardware fixes. |
| Unpatched CVEs | Apple’s iOS 16.6 patch does not cover CVE-2023-38606 until July 2023. | Use the triangle_check tool to see if the exploit is still present. |
| User detection | Some users can tell if their iPhone is compromised (e.g., unexpected audio recording). | Monitor audio hardware usage. |
| C2 traffic evasion | Attackers use WireGuard and proxy, which look like legitimate VPN traffic. | Look for odd DNS or proxy patterns. |
Open questions remain, such as “How did Apple discover the undocumented instruction?” and “Are the vulnerabilities patched in iOS 17?” The answers are still emerging.
Quick FAQ
| Question | Answer |
|---|---|
| How can I visually detect a compromised iPhone? | Look for a hidden microphone icon, background audio, or unexpected battery drain. |
| What is the exact algorithm of the custom hash used for MMIO writes? | It is a 10-bit S-box with a 20-bit total, but the full details are still under analysis. |
| Can the malware persist across device resets and backups? | Yes, if the backup is infected, it will reinstall on restore. |
| Is there a way to unmount the spyware without alerting the attacker? | The triangle_check tool can remove the implant, but it may trigger alerts. |
| How do I block the C2 server? | Use network segmentation and block the Cloudflare-protected domain names. |
| Will iOS 17 fix the hardware vulnerabilities? | Apple has not yet released a patch, but updates are expected. |
Conclusion
I’ve seen this attack chain many times. The key takeaway is simple: stay on top of Apple’s security releases and use dedicated detection tools. Updating to iOS 16.6 closed the biggest doors, but you must also look for the backup-agent process and run triangle_check. Keep users informed that iMessage attachments can be dangerous, even if the device is patched. If you’re a security researcher or CSO, add these checks to your routine and share the findings with your team. If you’re an iOS developer, make sure your app does not ship with malicious fonts and that you validate all user-supplied PDFs.
