{"id":55852,"date":"2016-08-25T16:49:10","date_gmt":"2016-08-25T23:49:10","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=55852"},"modified":"2016-09-02T09:28:05","modified_gmt":"2016-09-02T16:28:05","slug":"emergency-ios-9-3-5-update-thwarts-pegasus-spyware-patch-now","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/emergency-ios-9-3-5-update-thwarts-pegasus-spyware-patch-now\/","title":{"rendered":"Emergency iOS 9.3.5 Update Thwarts Pegasus Spyware\u2014Patch Now!"},"content":{"rendered":"

\"iOS<\/p>\n

Apple today released iOS update 9.3.5, available for iPhone 4s and later, iPad 2 and later and iPod touch (5th generation) and later. The update addresses three vulnerabilities and received the same generic listing<\/a> as most other updates do. Yet there is much more to this update\u00a0than what Apple mentions in their documentation.<\/p>\n

Discovered by Citizen Lab and Lookout, these three vulnerabilities have been named “Trident.” Exploiting Trident will give an attacker access to your messages, calls, emails, and logs from apps like Gmail, Facebook, Skype, WhatsApp, FaceTime, Calendar, and Viber, among\u00a0others.<\/p>\n

As it turns out, a company called NSO Group (an Israeli-based organization that is said to specialize in cyber warfare and\u00a0sells their services to governments) has been exploiting Trident as part of one of their spyware products, called Pegasus.<\/p>\n

\"NSO\"<\/a>

Image from an NSO Group brochure posted on SIBAT (The International Defense Cooperation Directorate of the Israel Ministry of Defense).<\/p><\/div>\n

Pegasus is the most sophisticated attack we\u2019ve seen on any endpoint because it takes advantage of how integrated mobile devices are in our lives and the combination of features only available on mobile \u2014 always connected (WiFi, 3G\/4G), voice communications, camera, email, messaging, GPS, passwords, and contact lists. It is modular to allow for customization and uses strong encryption to evade detection. (source<\/a>)<\/p><\/blockquote>\n

By sending a victim a phishing text message with a malicious URL, if opened, a web browser will load a page and the page contents will exploit those vulnerabilities. As these vulnerabilities were not known until now, there was no defense and a victim would not even know the device had been\u00a0compromised. Citizen Lab and Lookout believe that this spyware has been around for years, as far back as iOS 7.<\/p>\n

\n

Other orgs spoofed by NSO via lookalike domains include YouTube, Facebook, Google, Univision, BBC, CNN and AlJazeera pic.twitter.com\/nIwKNVDnNC<\/a><\/p>\n

— Christopher Soghoian (@csoghoian) August 25, 2016<\/a><\/p><\/blockquote>\n