Zero-day vulnerabilities discovered: 6
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error in WebKit. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note: the vulnerability was being actively exploited.
The Citizen Lab discovery exposed three zero-day exploits ((CVE-2016-4655, CVE-2016-4656, CVE-2016-4657)) used by тАЬPegasusтАЭ, a lawful interception cyberespionage tool developed by the Israeli-based NSO Group and sold to government agencies (UAE Human Rights Defender (Ahmed Mansoor)).
Software: Apple iOS
Known/fameous malware:
Trident exploit.
Links:
http://www.securityweek.com/apple-issues-emergency-fix-ios-zero-days-what-you-need-know
https://www.symantec.com/connect/blogs/trident-trio-ios-zero-days-being-exploited-wild
https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
https://jndok.github.io/2016/10/04/pegasus-writeup/
https://blog.lookout.com/blog/2016/08/25/trident-pegasus/
http://securityaffairs.co/wordpress/50788/mobile-2/ios-9-3-4-trident-exploit.html
https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
https://en.wikipedia.org/wiki/Pegasus_(spyware)
http://indianexpress.com/article/technology/tech-news-technology/apple-ios-trident-exploit-all-you-n...
http://www.technewsworld.com/story/83845.html
http://www.eweek.com/security/apple-rushes-out-patch-for-new-ios-zero-day-flaws.html
http://www.darkreading.com/vulnerabilities---threats/apple-releases-patch-for-trident-a-trio-of-ios-...
Memory corruption
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a boundary error when processing a malicious application. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with SYSTEM privileges.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note: the vulnerability was being actively exploited.
The Citizen Lab discovery exposed three zero-day exploits ((CVE-2016-4655, CVE-2016-4656, CVE-2016-4657)) used by тАЬPegasusтАЭ, a lawful interception cyberespionage tool developed by the Israeli-based NSO Group and sold to government agencies (UAE Human Rights Defender (Ahmed Mansoor)).
Software: Apple iOS
Known/fameous malware:
Trident exploit.
Links:
http://www.securityweek.com/apple-issues-emergency-fix-ios-zero-days-what-you-need-know
https://www.symantec.com/connect/blogs/trident-trio-ios-zero-days-being-exploited-wild
https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
https://jndok.github.io/2016/10/04/pegasus-writeup/
https://blog.lookout.com/blog/2016/08/25/trident-pegasus/
http://securityaffairs.co/wordpress/50788/mobile-2/ios-9-3-4-trident-exploit.html
https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
https://en.wikipedia.org/wiki/Pegasus_(spyware)
http://indianexpress.com/article/technology/tech-news-technology/apple-ios-trident-exploit-all-you-n...
http://www.technewsworld.com/story/83845.html
http://www.eweek.com/security/apple-rushes-out-patch-for-new-ios-zero-day-flaws.html
http://www.darkreading.com/vulnerabilities---threats/apple-releases-patch-for-trident-a-trio-of-ios-...
Information disclosure
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to improper input validation. A remote attacker can run a specially crafted application, bypass security restrictions and obtain portions of kernel memory.
Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.The Citizen Lab discovery exposed three zero-day exploits ((CVE-2016-4655, CVE-2016-4656, CVE-2016-4657)) used by тАЬPegasusтАЭ, a lawful interception cyberespionage tool developed by the Israeli-based NSO Group and sold to government agencies (UAE Human Rights Defender (Ahmed Mansoor)).
Software: Apple iOS
Known/fameous malware:
Trident exploit.
Links:
https://support.apple.com/en-us/HT207107
http://www.securityweek.com/apple-issues-emergency-fix-ios-zero-days-what-you-need-know
https://www.symantec.com/connect/blogs/trident-trio-ios-zero-days-being-exploited-wild
https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
https://jndok.github.io/2016/10/04/pegasus-writeup/
https://blog.lookout.com/blog/2016/08/25/trident-pegasus/
http://securityaffairs.co/wordpress/50788/mobile-2/ios-9-3-4-trident-exploit.html
https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
https://en.wikipedia.org/wiki/Pegasus_(spyware)
http://indianexpress.com/article/technology/tech-news-technology/apple-ios-trident-exploit-all-you-n...
http://www.technewsworld.com/story/83845.html
http://www.eweek.com/security/apple-rushes-out-patch-for-new-ios-zero-day-flaws.html
http://www.darkreading.com/vulnerabilities---threats/apple-releases-patch-for-trident-a-trio-of-ios-...
Integer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow when handling of Type 1 fonts by FreeType. A remote attacker can send a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: the vulnerability was being actively exploited.
Exploited in the wild via malicious PDF files.
Software: Apple iOS
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when handling specially crafted overly long RTSP (Real Time Streaming Protocol) Response Content-Type header. A remote attacker can create a specially crafted web page, trick the victim into opening it, cause buffer overflow and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Software: Apple QuickTime
Known/fameous malware:
Trojan.Quimkit
Links:
https://www.symantec.com/connect/blogs/zero-day-exploit-apple-quicktime-vulnerability
https://ch-fr.norton.com/security_response/writeup.jsp?docid=2007-112605-2410-99
https://www.virusbulletin.com/virusbulletin/2010/05/exploit-kit-explosion-part-two-vectors-attack/
https://www.virusbulletin.com/virusbulletin/2010/11/exploit-identification/
http://www.kb.cert.org/vuls/id/659761
https://www.symantec.com/connect/blogs/apple-quicktime-exploit-twist
Improper file permissions handling
The vulnerability allows a local user to escalation privileges on vulnerable system.
The vulnerability exists in diskutil tool within DiskManagement framework when handling BOM files. A local user can create a specially crafted BOM file, run diskutil with specially crafted BOM file and replace permissions for arbitrary files on vulnerable system.
Successful exploitation of this vulnerability allows a local unprivileged user to elevate his privileges and gain root access to vulnerable system.
Note: the vulnerability is being actively exploited.
Software: macOS