Already rolled into the Pegasus spyware product and used to target social activists, the vulnerabilities are fixed in iOS 9.3.5.
Apple, today, released patches for a trio of iOS zero-day vulnerabilities that, when used together, enable an attacker to remotely, silently jailbreak the device phone and install highly sophisticated spyware upon it.
The vulnerabilities, collectively called "Trident," are patched in iOS version 9.3.5. They include CVE-2016-4655, Memory Corruption in Webkit, CVE-2016-4656, Information leak in Kernel, and CVE-2016-4657, Kernel Memory corruption leads to Jailbreak.
The discovery was made by Lookout and Citizen Lab, who worked with Apple on the patch before making the disclosure. Citizen Lab was tipped off to the bugs first by United Arab Emirates-based human rights defender Ahmed Mansoor, who reported that he had received suspicious text messages. Citizen Lab and Lookout investigated, and found that Mansoor -- who has been targeted by "lawful intercept malware" in the past -- was now being targeted by Francisco Partners Management's Pegasus spyware product, which was now equipped to exploit this trio of undisclosed iOS zero-day vulnerabilities.
For more information, see the blog at Lookout.
About the Author(s)
You May Also Like
Unleash the Power of Gen AI for Application Development, Securely
March 19, 2024The Anatomy of a Ransomware Attack, Revealed
March 20, 2024How To Optimize and Accelerate Cybersecurity Initiatives for Your Business
March 26, 2024Building a Modern Endpoint Strategy for 2024 and Beyond
March 27, 2024Building a Modern Endpoint Strategy for 2024 and Beyond
March 27, 2024