The Citizen Lab discovery exposed three zero-day exploits ((CVE-2016-4655, CVE-2016-4656, CVE-2016-4657)) used by тАЬPegasusтАЭ, a lawful interception cyberespionage tool developed by the Israeli-based NSO Group and sold to government agencies (UAE Human Rights Defender (Ahmed Mansoor)).
Vulnerable component: Apple iOS
CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error in WebKit. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note: the vulnerability was being actively exploited.
Known APT campaigns:
UAE Human Rights Defender Ahmed Mansoor breach
Trident was used to install тАЬPegasusтАЭ, a lawful interception cyberespionage tool developed by the Israeli-based NSO Group and sold to government agencies.
- Nintendo Switch - WebKit Code Execution (PoC) [Exploit-DB]