Already rolled into the Pegasus spyware product and used to target social activists, the vulnerabilities are fixed in iOS 9.3.5.

Dark Reading Staff, Dark Reading

August 26, 2016

1 Min Read

Apple, today, released patches for a trio of iOS zero-day vulnerabilities that, when used together, enable an attacker to remotely, silently jailbreak the device phone and install highly sophisticated spyware upon it. 

The vulnerabilities, collectively called "Trident," are patched in iOS version 9.3.5. They include CVE-2016-4655, Memory Corruption in Webkit, CVE-2016-4656, Information leak in Kernel, and CVE-2016-4657, Kernel Memory corruption leads to Jailbreak. 

The discovery was made by Lookout and Citizen Lab, who worked with Apple on the patch before making the disclosure. Citizen Lab was tipped off to the bugs first by United Arab Emirates-based human rights defender Ahmed Mansoor, who reported that he had received suspicious text messages. Citizen Lab and Lookout investigated, and found that Mansoor -- who has been targeted by "lawful intercept malware" in the past -- was now being targeted by Francisco Partners Management's Pegasus spyware product, which was now equipped to exploit this trio of undisclosed iOS zero-day vulnerabilities.

For more information, see the blog at Lookout.

 

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights