Pegasus snoopware package used against activists and journalists
Apple has pushed out an emergency security update for iPhones, iPads and iPod touches after highly sophisticated spyware was found exploiting three previously unknown iOS vulnerabilities.
The iOS 9.3.5 update plugs three holes that, according to researchers, are being exploited right now by the Pegasus surveillance kit – a powerful commercial malware package sold to governments for snooping on dissidents and journalists.
Once installed on a phone or tablet, Pegasus can read messages and emails, listen to calls, monitor social network posts, and so on.
It essentially has comprehensive access to an infected handheld.
The three vulnerabilities exploited by the spy kit are:
CVE-2016-4655: A kernel information leak. An input validation flaw lets an installed app read the contents of iOS kernel memory, which is enough to learn where the kernel is loaded and so defeat kernel address space layout randomization.
CVE-2016-4656: A memory corruption flaw in the iOS kernel that lets an installed app execute arbitrary code with kernel privileges. This is a local privilege escalation, not a remote bug on its own.
CVE-2016-4657: A memory corruption flaw in WebKit that lets a specially crafted webpage execute arbitrary code in Safari. This is the remote entry point: from there the attacker can chain into the kernel bugs, “jailbreak” the device and install malware.
The three bugs are chained to remotely infect and take control of a vulnerable iThing: a mark is tricked into tapping a link to a boobytrapped webpage, which exploits CVE-2016-4657 to run code inside the browser; that code uses CVE-2016-4655 to find the kernel in memory, then exploits CVE-2016-4656 to run code in the kernel, silently jailbreaking the device and installing the Pegasus payload. The two kernel bugs can also be reached by a malicious app the user is persuaded to install.
Researchers with Citizen Lab and Lookout report that the iOS exploit chain, dubbed Trident, was being sold as part of the Pegasus spyware package and used to infect the mobile devices of activists and reporters.
The report names NSO Group, an Israeli security company previously associated with government spyware efforts, as the creator of the Pegasus kit.
The researchers were tipped off by Ahmed Mansoor, a UAE-based human rights activist who received SMS messages carrying links to the exploit site and, rather than tapping them, forwarded them to Citizen Lab for analysis. The New York Times believes the malware was also used to snoop on its journalists in a targeted attack.
It’s likely this software has been used against many persons of interest by governments and organizations around the world.
While the risk that most iOS owners will be targeted by the Trident exploits is low, anyone using an iPhone 4S, iPad 2, or iPod touch (5th generation), or anything newer than those devices, should update their iThing to iOS 9.3.5 as soon as possible now that the details of the flaws have been made public.
Because now anyone can try to exploit them. ®
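For fleet owners the practical follow-up is an inventory check. The script below is an added example, not code from the article, Apple, Citizen Lab or Lookout: it takes a constructed MDM-style export and flags every device that has not reached iOS 9.3.5, the first build carrying the fixes for the three CVEs. Device names and versions in the sample are made up. It also avoids the classic mistake of comparing version strings lexically, under which "10.0" sorts before "9.3.5".

```python
# Added example (not from the original article): flag iOS devices in an
# inventory export that are still below iOS 9.3.5, the release that patched
# CVE-2016-4655, CVE-2016-4656 and CVE-2016-4657.
from typing import List, Tuple

# First iOS version that carries the Trident fixes (from Apple's advisory).
PATCHED_VERSION: Tuple[int, int, int] = (9, 3, 5)


def parse_ios_version(version: str) -> Tuple[int, int, int]:
    """Turn '9.3.5', '9.3' or '10.0' into a comparable three-part tuple.

    Comparing the raw strings is wrong: '10.0' < '9.3.5' lexically, so a
    fully patched iOS 10 device would be reported as vulnerable.  Missing
    trailing components count as zero ('9.3' -> (9, 3, 0)).
    """
    parts = [int(p) for p in version.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected iOS version string: {version!r}")
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def is_patched(version: str) -> bool:
    """True if the device runs iOS 9.3.5 or later."""
    return parse_ios_version(version) >= PATCHED_VERSION


def unpatched_devices(inventory: List[dict]) -> List[str]:
    """Return the names of devices that still need the 9.3.5 update.

    Devices too old to install 9.3.5 at all (e.g. an iPhone 4 stuck on
    iOS 7) are reported too: they cannot be patched and should be retired.
    """
    return [d["name"] for d in inventory if not is_patched(d["os_version"])]


# Constructed sample export; names, models and versions are made up.
SAMPLE_INVENTORY = [
    {"name": "editor-iphone6s", "model": "iPhone 6s", "os_version": "9.3.5"},
    {"name": "reporter-ipad-air", "model": "iPad Air", "os_version": "9.3.4"},
    {"name": "photog-iphone4", "model": "iPhone 4", "os_version": "7.1.2"},
    {"name": "beta-iphone7", "model": "iPhone 7", "os_version": "10.0"},
    {"name": "lab-ipod5", "model": "iPod touch 5", "os_version": "9.3"},
]

if __name__ == "__main__":
    for name in unpatched_devices(SAMPLE_INVENTORY):
        print(f"UNPATCHED: {name}")
```

Run against a real MDM export by replacing SAMPLE_INVENTORY with rows that carry a `name` and an `os_version` field; everything the script flags is exposed to the published Trident bugs until updated or retired.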