A few days ago, we reported a detailed analysis of the Trident exploit that triggers three vulnerabilities in order to remotely hack Apple mobile devices through the installation of the Pegasus spyware.
The joint investigation conducted by experts from CitizenLab organization and Lookout security firm demonstrated that nation-state actors exploited the three vulnerabilities to spy on activists’ Apple mobile devices.
Experts from Lookout identified the targeted attack as Pegasus as explained in a detailed blog post.
“Pegasus is the most sophisticated attack we’ve seen on any endpoint because it takes advantage of how integrated mobile devices are in our lives and the combination of features only available on mobile — always connected (WiFi, 3G/4G), voice communications, camera, email, messaging, GPS, passwords, and contact lists. It is modular to allow for customization and uses strong encryption to evade detection.” states the blog post published by Lookout., the three zero-day flaws, dubbed ”
The three zero-day vulnerabilities, dubbed “Trident,” exploited in the attack are:
Malware experts linked the attacks leveraging on the Pegasus malware to the activity of the Israeli surveillance NSO Group that has developed a malicious code that has been exploiting three zero-day security vulnerabilities in order to spy on dissidents and journalists.
The vulnerabilities, including a hole in IOMobileFrameBuffer (found and fixed in Safari and coded CVE-2016-4564) affect also desktop Safari and OS X, too.
Do not forget that iOS and OS X, share a big portion of code, so it is normal the presence of the flaws in the MAC desktop PCs.
Apple, that released the iOS 9.3.5 update for its mobile devices (iPhones and iPads) to address the flaws, now has issued security updates also for the Safari Browser and OS X.
Don’t waste time, patch as soon as possible your Apple device.
(Security Affairs – Trident, iOS zero-days, Pegasus spyware)