A hacking group exposed some nasty holes that Apple has patched with an emergency fix.
Over the past few days, Apple has released a point release to iOS 9.3 – iOS 9.3.5 – to patch vulnerabilities exploited by the Pegasus malware. Pegasus is a set of tools that is branded as “lawful intercept” spyware by the NSO Group and has been sold to some nation states for up to $1M USD. It could be used to remotely jailbreak iPhones and then use the device’s microphone to eavesdrop on suspected dissidents and its cameras to capture images of them.
iOS 9.3.5 was released to specifically thwart this malware.
Pegasus is highly sophisticated, silently installing itself via a link sent to an unsuspecting user by text message. Once installed, Pegasus can do more than just spy on you; it can also intercept cellular calls, FaceTime audio and video calls, text messages, email and more. The software has been nicknamed an attack “lookout.”
Security analysis firm Lookout indicates that Pegasus can take advantage of the following security weaknesses in iOS 9.x:
The malware exploits three zero-day vulnerabilities, or Trident, in Apple iOS:
CVE-2016-4655: Information leak in Kernel – A kernel base mapping vulnerability that leaks information to the attacker allowing him to calculate the kernel’s location in memory.
CVE-2016-4656: Kernel Memory corruption leads to Jailbreak – 32 and 64 bit iOS kernel-level vulnerabilities that allow the attacker to silently jailbreak the device and install surveillance software.
CVE-2016-4657: Memory Corruption in WebKit – A vulnerability in the Safari WebKit that allows the attacker to compromise the device when the user clicks on a link.
Pegasus is one of the most advanced malware tool sets available today because it’s customizable. It can be used to track a wide range of communication items from its victims, and it uses strong encryption to protect itself and avoid detection. Both Lookout and Citizen Lab helped identify and inform Apple about the malware. Apple was able to work quickly to develop and test an update that patched the exploits in under two weeks.
While individuals in the US are very unlikely to be exposed or vulnerable to Pegasus, it’s highly recommended that you download and install this update to iOS 9.x immediately. If you have jailbroken your iOS 9.x-powered iDevice, this will quickly and neatly place you back within Apple’s walled garden.