Zero-day vulnerability in Apple iOS

Memory corruption
CVE-2016-4656

The Citizen Lab discovery exposed three zero-day exploits ((CVE-2016-4655, CVE-2016-4656, CVE-2016-4657)) used by тАЬPegasusтАЭ, a lawful interception cyberespionage tool developed by the Israeli-based NSO Group and sold to government agencies (UAE Human Rights Defender (Ahmed Mansoor)).

Known malware:

Trident exploit.

Vulnerability details

Advisory: SB2016082402 - Multiple vulnerabilities in Apple iOS

Vulnerable component: Apple iOS

CVE-ID: CVE-2016-4656

CVSSv3 score: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-119 - Memory corruption

Description:

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to a boundary error when processing a malicious application. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note: the vulnerability was being actively exploited.

Known APT campaigns:

UAE Human Rights Defender Ahmed Mansoor breach

Trident was used to install тАЬPegasusтАЭ, a lawful interception cyberespionage tool developed by the Israeli-based NSO Group and sold to government agencies.

External links:

http://www.securityweek.com/apple-issues-emergency-fix-ios-zero-days-what-you-need-know
https://www.symantec.com/connect/blogs/trident-trio-ios-zero-days-being-exploited-wild
https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
https://jndok.github.io/2016/10/04/pegasus-writeup/
https://blog.lookout.com/blog/2016/08/25/trident-pegasus/
http://securityaffairs.co/wordpress/50788/mobile-2/ios-9-3-4-trident-exploit.html
https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
https://en.wikipedia.org/wiki/Pegasus_(spyware)
http://indianexpress.com/article/technology/tech-news-technology/apple-ios-trident-exploit-all-you-n...
http://www.technewsworld.com/story/83845.html
http://www.eweek.com/security/apple-rushes-out-patch-for-new-ios-zero-day-flaws.html
http://www.darkreading.com/vulnerabilities---threats/apple-releases-patch-for-trident-a-trio-of-ios-...


About zero-day vulnerabilities

Zero-day vulnerability is an undisclosed vulnerability in software that hackers can exploit to compromise computer programs, gain unauthorized access to sensitive data, penetrate networks, etc. We consider vulnerability a zero-day when there is no solution provided from software vendor and the vulnerability is being actively exploited by malicious actors.

Zero-day candidate is a potential zero-day vulnerability in software which might have been used in targeted attacks, however there is no evidence to support this suggestion.