Today, Apple released the iOS 9.3.5 out-of-band security update, which fixes vulnerabilities that allow attackers to remotely jailbreak an iPhone in order to install spyware. First discovered by Citizen Lab and Lookout, these vulnerabilities, collectively called Trident, are being used by attackers to install spyware on the target's iPhone.
The attack is simple: send a phishing text containing a link to a target and try to convince that target to visit it. Once the target opens the link, they land on a site hosting an exploit kit, which remotely jailbreaks the phone and installs the Pegasus spyware kit.
Citizen Lab and Lookout learned about this attack when human rights activist Ahmed Mansoor sent Citizen Lab a suspicious text that he had received:
Ahmed Mansoor is an internationally recognized human rights defender and a Martin Ennals Award Laureate (sometimes referred to as a “Nobel prize for human rights”), based in the United Arab Emirates (UAE). On August 10th and 11th, he received text messages promising “secrets” about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. Recognizing the links as belonging to an exploit infrastructure connected to NSO group, Citizen Lab collaborated with Lookout to determine that the links led to a chain of zero-day exploits that would have jailbroken Mansoor’s iPhone and installed sophisticated malware.
Once a victim is infected with Pegasus, the spyware can monitor the victim's messages, calls, emails, logs, and more from various messaging apps, including Gmail, Facebook, WhatsApp, and many others. The spyware then reports this information back to the attacker. According to Lookout, the iOS device stays infected even when it is updated, and the spyware itself can be updated remotely to use new exploits as they become available.
Today’s Apple update resolves the three Trident zero-day vulnerabilities that this malware exploits to install itself. These vulnerabilities are explained in Apple’s iOS 9.3.5 security notice:
Kernel
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later
Impact: An application may be able to disclose kernel memory
Description: A validation issue was addressed through improved input sanitization.
CVE-2016-4655: Citizen Lab and Lookout
Kernel
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4656: Citizen Lab and Lookout
WebKit
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4657: Citizen Lab and Lookout
All iOS users, whether they are using iPhones or iPads, are strongly advised to upgrade to iOS 9.3.5 immediately.
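Two things a defender actually needs from the notice above are the list of fixed CVEs and a reliable way to tell which devices in an inventory are still below the fixed version. The example below is added here and is not code from BleepingComputer, Citizen Lab, Lookout or Apple; it parses the advisory text exactly as quoted above and compares version strings numerically, since a plain string comparison would wrongly treat "9.10" as older than "9.3.5". The function names, the FIXED_VERSION constant and the device inventory are constructed for illustration.

```python
import re

# Constructed copy of the three iOS 9.3.5 advisory entries quoted above.
ADVISORY_TEXT = """Kernel
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later
Impact: An application may be able to disclose kernel memory
Description: A validation issue was addressed through improved input sanitization.
CVE-2016-4655: Citizen Lab and Lookout
Kernel
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4656: Citizen Lab and Lookout
WebKit
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4657: Citizen Lab and Lookout
"""

# The release that closes the Trident chain, per the article (assumed constant name).
FIXED_VERSION = "9.3.5"

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def parse_advisory(text):
    """Turn Apple's plain-text notice into one dict per component entry.

    A line without a colon starts a new entry (the component name); every
    other line is a 'Key: value' field, and a CVE line records the id plus credit.
    """
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ":" not in line:
            current = {"component": line, "cves": []}
            entries.append(current)
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if CVE_RE.match(key):
            current["cves"].append(key)
            current["credit"] = value
        else:
            current[key.lower().replace(" ", "_")] = value
    return entries


def fixed_cves(text=ADVISORY_TEXT):
    """All CVE ids addressed by the notice, in document order."""
    return [cve for entry in parse_advisory(text) for cve in entry["cves"]]


def parse_version(version):
    """'9.3.5' -> (9, 3, 5); only numeric dotted versions are expected."""
    return tuple(int(part) for part in version.strip().split("."))


def needs_update(device_version, fixed=FIXED_VERSION):
    """True when the device runs something older than the fixed release.

    Tuples are padded so '9.3' compares as 9.3.0, and numeric comparison
    keeps '9.10' correctly newer than '9.3.5'.
    """
    have, want = parse_version(device_version), parse_version(fixed)
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    return have < want


def triage_fleet(inventory, fixed=FIXED_VERSION):
    """Return the (device_id, version) pairs still exposed to Trident."""
    return [(dev, ver) for dev, ver in inventory if needs_update(ver, fixed)]


if __name__ == "__main__":
    # Constructed inventory: device id -> reported iOS version.
    fleet = [("ipad-01", "9.3.4"), ("iphone-07", "9.3.5"),
             ("iphone-12", "9.2"), ("iphone-20", "10.0")]
    print("CVEs fixed:", fixed_cves())
    for dev, ver in triage_fleet(fleet):
        print(f"{dev} on iOS {ver} must be updated to {FIXED_VERSION}")
```

Feeding the parser the full notice rather than a hand-typed CVE list avoids transcription mistakes, and the padded numeric comparison is the part worth keeping: the same helper works for any later Apple release once FIXED_VERSION is changed.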
Source: https://www.bleepingcomputer.com/
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held cyber security researcher positions at a variety of cyber security start-ups. She also has experience in different industry domains such as finance, healthcare and consumer products.