In-brief: Lookout said it identified an active threat that was using three critical iOS zero-day (that is: previously unknown) vulnerabilities. When exploited, the three vulnerabilities “form an attack chain that subverts even Apple’s strong security environment.”
The folks over at Lookout wrote to warn iPhone users about the existence of “targeted attack scenarios against high-value mobile users.”
Working with both Citizen Lab at the University of Toronto and Apple’s Security Team, Lookout said it uncovered an active threat that was using three critical iOS zero-day (that is: previously unknown) vulnerabilities. When exploited, the three vulnerabilities “form an attack chain that subverts even Apple’s strong security environment.”
Lookout is calling the holes “Trident” and worked with Apple to issue fixes for them, which were pushed out in the recent iOS 9.3.5 patch. From Lookout’s blog:
Trident is used in a spyware product called Pegasus, which according to an investigation by Citizen Lab, is developed by an organization called NSO Group. NSO Group is an Israeli-based organization that was acquired by U.S. company Francisco Partners Management in 2010, and according to news reports specializes in “cyber war.” Pegasus is highly advanced in its use of zero-days, obfuscation, encryption, and kernel-level exploitation.
Holes in the iOS operating system are highly valued by cyber criminal groups and gray market cyber arms dealers, because of the widespread use of the iPhone and the difficulty of compromising Apple’s mobile OS. The firm Zerodium made headlines in 2015 by offering $1 million for working exploits of previously undiscovered, remotely exploitable holes in iOS.
Apple finally joined the list of companies that offer security researchers cash bounties for information on security holes in its products. At the Black Hat Briefings in Las Vegas earlier this month, the company said it would pay rewards of up to $200,000 for five classes of bugs in iOS and iCloud.