The postscript to last week’s blog drew your attention to a series of three bugs, which had been patched in iOS by Apple.
The bugs were discovered after a Human Rights journalist – Ahmed Mansoor of the UAE, received an enticing text message saying “New secrets about torture of Emiratis in state prisons” which itself was a link.
Having been the victim of state interception and data theft in the past, Mr Mansoor did not click and instead forwarded the message to Bill Marczak who is a researcher for Citizen Lab, part of the University of Toronto.
It transpired that the link belonged to an Israeli ‘cyber war’ outfit that sells a ‘lawful intercept’ product available to governments only. Further investigation by Citizen and Lookout Security revealed that the linked malware utilised no fewer than three ‘Zero Day’ exploits which would definitely have remotely jailbroken the phone and given the attacker full access.
The three exploits have now got themselves a collective name – The Trident Exploit Chain (mwahahaha). The CVE details are below:
CVE-2016-4657: Visiting a maliciously crafted website may lead to arbitrary code execution
CVE-2016-4655: An application may be able to disclose kernel memory
CVE-2016-4656: An application may be able to execute arbitrary code with kernel privileges
Apple announced patches for these specific nasties last week and somewhat unsurprisingly, given the large amount of shared code between iOS and OS X, has patched the latter indicating that both iPhones and Mac products have been vulnerable, presumably for some time.
While we are on the subject of Macs, if you use the Transmission BitTorrent client, an evil version (of V2.92), which contained Malware, was temporarily uploaded on August the 28th. It isn’t there now but this is worth checking.
Obviously if you are a Mac or iPhone user it is imperative that you make sure you are up to date, pronto.
The fact that governments have access to tools that can access your stuff anytime anywhere is probably not a surprise to many of us. How long has this ‘Trident Exploit Chain’ been around for and how many times has it been used? Who knows?
We would like to congratulate Mr Mansoor for being a very cautious and diligent user; many of us could learn a lesson from him. Praise is also due to Citizen Lab and Lookout Security for unravelling the code and finding the zero days. Fantastic work.
You can read the Citizen Lab report here.
If you would like to discuss anything in this blog or perhaps want to keep your secrets secret, contact us at: [email protected] or call 020 7517 3900
