Apple releases 'Emergency' Patch after Exploits Target Human Rights Activist
You’ll want to be updating your iOS devices to 9.3.5, the version released today by Apple — especially if you’re a prominent human rights activist or journalist. A recently thwarted attack on just such a person employed not one but three zero-day exploits addressed by the patch.
One of the world's most invasive spyware vendors, the NSO Group, has been exploiting three zero-day vulnerabilities in iOS to spy on dissidents and journalists.
The NSO Group is an Israeli firm that sells spying and surveillance software that secretly tracks a target's mobile phone.
The subsequent investigation suggests the attack was the work of a secretive surveillance-software vendor whose products may have been used for years by governments seeking to compromise political targets.
Ahmed Mansoor, an award-winning activist based in the UAE, received suspicious text messages two weeks ago promising information on detainees being tortured. Mansoor, who has been targeted several times before by high-profile "lawful intercept" tools, did not tap the link; he forwarded the messages to the Canadian security research organization Citizen Lab instead.
Assisted by Lookout Security, Citizen Lab went down the rabbit hole, and found it much deeper than expected.
The text messages were a trap, of course, but one of unprecedented complexity. Tapping that single link would have chained three separate and highly serious iOS exploits: arbitrary code execution in WebKit (the Safari rendering engine) from a crafted web page, a kernel information leak revealing where the kernel sits in memory, and finally kernel memory corruption to run code with kernel privileges. Apple tracks the three bugs as CVE-2016-4657, CVE-2016-4655 and CVE-2016-4656 respectively. Finding one zero-day in the wild is rare enough, let alone three at once.
The result would have been a silent, one-step jailbreak with malicious code implanted on the device, granting complete access to the phone's data and communications. Because the three exploits build on one another, the chain earned the fitting moniker "Trident."
The researchers reported the exploits to Apple immediately, and ten days later (today) Apple issued a patch fixing them. Apple rated the update "important" and declined to comment beyond the following statement: "We were made aware of this vulnerability and immediately fixed it with iOS 9.3.5. We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits."
You can install the update over-the-air (OTA) from Settings > General > Software Update on your iPhone or iPad. Settings > General > About shows the installed version, which should read 9.3.5 or later once the update has applied.
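For anyone responsible for a fleet of devices rather than a single phone, the practical check is whether every enrolled device has reached the fixed release. The following is an added example, not code from the article, Citizen Lab or Lookout. It assumes a CSV export from a device inventory or MDM with `device_id` and `os_version` columns (the column names and the sample rows are constructed for this illustration) and treats anything at or above iOS 9.3.5, including iOS 10 and later, as patched:

```python
"""Flag iOS devices still exposed to the Trident chain (fixed in iOS 9.3.5).

Added example; the inventory format and column names are assumptions, and the
sample rows below are constructed, not real device data.
"""
import csv
import io
import re
from typing import List, Tuple

# iOS 9.3.5 is the release in which Apple shipped the Trident fixes.
TRIDENT_FIXED_IN = (9, 3, 5)

_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)")


def parse_ios_version(text: str) -> Tuple[int, ...]:
    """Turn '9.3.4', '9.3' or 'iOS 10.0.1 (14A403)' into a 3-tuple of ints.

    Numeric comparison matters: a plain string comparison would rank '9.10'
    below '9.3.5'. Missing components are padded with zeros, so '9.3' parses
    as (9, 3, 0). Raises ValueError when no version number is present.
    """
    m = _VERSION_RE.match(text.replace("iOS", "").strip())
    if not m:
        raise ValueError(f"no version number in {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return (parts + (0, 0, 0))[:3]


def is_patched(version: str) -> bool:
    """True when the device runs iOS 9.3.5 or later (iOS 10+ included)."""
    return parse_ios_version(version) >= TRIDENT_FIXED_IN


def unpatched_devices(inventory_csv: str) -> List[Tuple[str, str]]:
    """Return (device_id, os_version) for every row whose OS predates the fix.

    Rows whose version cannot be parsed are reported too: an unknown version
    is treated as unpatched rather than silently passing the check.
    """
    flagged = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            patched = is_patched(row["os_version"])
        except ValueError:
            patched = False
        if not patched:
            flagged.append((row["device_id"], row["os_version"]))
    return flagged


# Constructed sample inventory. '9.10' is not a real iOS release; it is
# included only to show that the comparison is numeric, not lexical.
SAMPLE_INVENTORY = """device_id,os_version
iphone-001,9.3.4
iphone-002,9.3.5
ipad-003,iOS 10.0.1 (14A403)
iphone-004,9.3
iphone-005,9.10
iphone-006,unknown
"""

if __name__ == "__main__":
    for device_id, version in unpatched_devices(SAMPLE_INVENTORY):
        print(f"UPDATE NEEDED: {device_id} is on {version!r}")
```

Run against the constructed sample, the script flags iphone-001 (9.3.4), iphone-004 (9.3) and iphone-006 (unrecorded version); the device on 9.3.5 and the one on iOS 10.0.1 pass. Failing closed on an unparsable version is deliberate: a device whose OS the inventory cannot describe should not count as compliant.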
The malware that Trident would have left on the device was immediately recognized by the researchers as Pegasus, a commercial spyware product sold by the Israel-based NSO Group. This was the first time it had been caught in the wild. (Perhaps the team working on it should have been called Bellerophon.)
Pegasus had surfaced before: a description of the product was among the Hacking Team emails leaked in 2015. NSO also showed up when, retrospectively, Citizen Lab's investigation found traces of the company's work in a separate threat being tracked in the UAE known as Stealth Falcon. Lastly, the NSO signature was also on malware that had targeted Mexican journalist Rafael Cabrera, who had been working on a story that potentially discredited the country's president.
NSO is reportedly owned, or at least backed, by the San Francisco private equity firm Francisco Partners, which did not respond to requests for more information.
Spyware firms like NSO Group need a way to break into an iPhone, but as long as it keeps working they only need one. That lets them pay top dollar to make sure it stays secret and unpatched. "Offense prices are not just paying for the vulnerability or exploit," says Luta Security CEO Katie Moussouris, one of the industry's leading advocates for bug bounties. "They are paying for the exclusivity and longevity of use of the bug against their targets."
Source: Lookout Security, Citizen Lab