Trident - Sophisticated, persistent mobile attack against high-value targets on iOS
(blog.lookout.com)
Citizen Lab and Lookout have uncovered an active threat (called "Trident") in which state-sponsored actors use a combination of three zero-days in iOS to essentially perform a stealth jailbreak on a target device and exfiltrate all communication (calls, texts, email, and other app-specific data). The entry point is spear-phishing (email, text), in which the victim clicks on a link that exploits the first vulnerability in WebKit:
CVE-2016-4655: Memory Corruption in WebKit – A vulnerability in the Safari WebKit that allows the attacker to compromise the device when the user clicks on a link.
CVE-2016-4656: Information leak in Kernel – A kernel base mapping vulnerability that leaks information to the attacker, allowing him to calculate the kernel’s location in memory.
CVE-2016-4657: Kernel Memory corruption leads to Jailbreak – 32- and 64-bit iOS kernel-level vulnerabilities that allow the attacker to silently jailbreak the device and install surveillance software.
Apple has already provided fixes for these, so install iOS 9.3.5 ASAP.