Out-of-band iOS update released to prevent installation of Pegasus Spyware Kit

KNOWLEDGE BELONGS TO THE WORLD
Share on FacebookTweet about this on TwitterShare on LinkedInShare on RedditShare on Google+Share on TumblrPin on PinterestDigg this

Today, Apple released the iOS 9.3.5 out-of-band security update, which fixes vulnerabilities that allows attackers to remotely jailbreak an iPhone in order to to install spyware.  First discovered by Citizen Laband Lookout, these vulnerabilities, called Trident, are being used by attackers to install the malware on the target’s iPhone.

The attack is simple; send a phishing text containing a link to a target and try to convince that target to visit the link.  Once the target opens the link they will go to a site that contains an exploit kit, which would remotely jailbreak the phone and install the Pegasus spyware kit.

Citizen Labs and Lookout learned about this attack when human rights activist, Ahmed Mansoor, sent Citizen Labs a suspicious text that he received:

Ahmed Mansoor is an internationally recognized human rights defender and a Martin Ennals Award Laureate (sometimes referred to as a “Nobel prize for human rights”), based in the United Arab Emirates (UAE). On August 10th and 11th, he received text messages promising “secrets” about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. Recognizing the links as belonging to an exploit infrastructure connected to NSO group, Citizen Lab collaborated with Lookout to determine that the links led to a chain of zero-day exploits that would have jailbroken Mansoor’s iPhone and installed sophisticated malware.

Once a victim is infected with Pegasus, the spyware can monitor a victim’s messages, calls, emails, logs, and more from various messaging apps including Gmail, Facebook, WhatsApp, and many others.The spyware would then report back this information to the attacker. According to Lookout, the iOS device will stay infected even when it is updated and can be updated remotely to use new exploits that have become available.

Today’s Apple update resolves the three Trident zero-day vulnerabilities that this malware exploits to install itself.  These vulnerabilities are explained in Apple’s iOS 9.3.5 security notice:

ios_tools

Kernel

Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later

Impact: An application may be able to disclose kernel memory

Description: A validation issue was addressed through improved input sanitization.

CVE-2016-4655: Citizen Lab and Lookout

Kernel

Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed through improved memory handling.

CVE-2016-4656: Citizen Lab and Lookout

WebKit

Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later

Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

Description: A memory corruption issue was addressed through improved memory handling.

CVE-2016-4657: Citizen Lab and Lookout

All iOS users, whether they are using iPhones or iPads, are strongly advised to upgrade to iOS 9.3.5 immediately.

Source:http://www.bleepingcomputer.com/

KNOWLEDGE BELONGS TO THE WORLD
Share on FacebookTweet about this on TwitterShare on LinkedInShare on RedditShare on Google+Share on TumblrPin on PinterestDigg this