A previously unknown feature in Apple's iPhones has been exposed by the Global Research and Analysis Team (GReAT). According to the cybersecurity outfit this week, the issue was fixed in July of 2023. The GReAT gang couldn't find any public documentation on the feature, which made it difficult to detect and analyze the attack. Researchers had to reverse engineer the device to find the vulnerability that was exploited. The attackers used unknown memory-mapped I/O (MMIO) addresses to get around hardware-based protection. The team had to look through the hardware, firmware, and kernel images to figure out what was happening. The discovery process was difficult due to the closed nature of the Apple platform.

This discovery shows that even advanced hardware-based protections can be rendered useless in the face of a sophisticated attacker, particularly when there are hardware features that allow those protections to be circumvented. The vulnerability allowed attackers to gain access to targeted devices, deploy spyware, and snoop on user data during the "Operation Triangulation" campaign. All the hardware protections in the world won't help if someone leaves in something that allows those protections to be bypassed.

