Zero-day vulnerability in Apple iOS

Memory corruption
CVE-2016-4657

The Citizen Lab discovery exposed three zero-day exploits ((CVE-2016-4655, CVE-2016-4656, CVE-2016-4657)) used by “Pegasus”, a lawful interception cyberespionage tool developed by the Israeli-based NSO Group and sold to government agencies (UAE Human Rights Defender (Ahmed Mansoor)).

Known malware:

Trident exploit.

Vulnerability details

Advisory: SB2016082402 - Multiple vulnerabilities in Apple iOS

Vulnerable component: Apple iOS

CVE-ID: CVE-2016-4657

CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description:

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error in WebKit. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: the vulnerability was being actively exploited.

Known APT campaigns:

UAE Human Rights Defender Ahmed Mansoor breach

Trident was used to install “Pegasus”, a lawful interception cyberespionage tool developed by the Israeli-based NSO Group and sold to government agencies.

Latest references in media:

Vulnerability Scanning SaaS

Vulnerability scanning SaaS service is online 3-rd generation vulnerability scanner with scheduled assessments and vulnerability subscription. You can use service to check security of your network perimeter.