The Citizen Lab discovery exposed three zero-day exploits ((CVE-2016-4655, CVE-2016-4656, CVE-2016-4657)) used by тАЬPegasusтАЭ, a lawful interception cyberespionage tool developed by the Israeli-based NSO Group and sold to government agencies (UAE Human Rights Defender (Ahmed Mansoor)).
Vulnerable component: Apple iOS
CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error in WebKit. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note: the vulnerability was being actively exploited.
Known APT campaigns:
UAE Human Rights Defender Ahmed Mansoor breach
Trident was used to install тАЬPegasusтАЭ, a lawful interception cyberespionage tool developed by the Israeli-based NSO Group and sold to government agencies.
Latest references in media:
- Beware of the Trident Exploits [2018-06-13 01:24:48]
- Borked browser baked into Nintendo Switch [2017-03-15 06:10:01]
- In Review: 2016тАЩs Mobile Threat Landscape Brings Diversity, Scale, and Scope [2017-01-19 00:07:10]
- Trident iOS Vulnerabilities Fully Dissected [2016-11-03 18:23:52]
- Apple Patches Trident Vulnerabilities in OS X, Safari [2016-09-05 10:17:23]
- Apple Patches Spyware-Related Zero-Days in OS X, Safari [2016-09-05 10:10:13]
- Apple Slips out Trident Patches for Mac Users [2016-09-05 10:02:23]
- iOS 9.3.4 and minor versions are vulnerable to the Trident Exploit [2016-08-31 08:37:15]
- Apple Speeds iOS Patch to Bring Down Pegasus [2016-08-26 23:39:16]
- Apple fixed Zero-Days flaws exploited by nation-state spyware [2016-08-26 17:43:00]
- Apple Issues Emergency Fix for iOS Zero-Days: What You Need to Know [2016-08-26 14:12:37]
- Apple Spears Trident Zero-Days with Security Update [2016-08-26 13:39:11]
- Apple plugs three actively exploited iOS zero-days [2016-08-26 08:32:03]
- Emergency iOS Update Patches Zero Days Used by Government Spyware [2016-08-25 23:51:52]
- Out-of-band iOS update released to prevent installation of Pegasus Spyware Kit [2016-08-25 23:29:12]
- Apple patches iOS against potent zero-day spyware attack [2016-08-25 21:40:33]
- Patch your iPhones, iPads now тАУ spy tools exploit zero-day vulns [2016-08-25 21:04:26]
Vulnerability scanning SaaS service is online 3-rd generation vulnerability scanner with scheduled assessments and vulnerability subscription. You can use service to check security of your network perimeter.