General Apple releases emergency patch 9.3.5!

Joe Exotic · August 25, 2016

Apple has released iOS 9.3.5 update for iPhones and iPads to patch three zero-day vulnerabilities after a piece of spyware found targeting the iPhone used by a renowned UAE human rights defender, Ahmed Mansoor.

One of the world's most invasive software weapon distributors, called the NSO Group, has been exploiting three zero-day security vulnerabilities in order to spy on dissidents and journalists.

The NSO Group is an Israeli firm that sells spying and surveillance software that secretly tracks a target's mobile phone.

apple-security-update Apple has released iOS 9.3.5 update for iPhones and iPads to patch three zero-day vulnerabilities after a piece of spyware found targeting the iPhone used by a renowned UAE human rights defender, Ahmed Mansoor.

One of the world's most invasive software weapon distributors, called the NSO Group, has been exploiting three zero-day security vulnerabilities in order to spy on dissidents and journalists.

The NSO Group is an Israeli firm that sells spying and surveillance software that secretly tracks a target's mobile phone.

The zero-day exploits have allowed the company to develop sophisticated spyware tools that can access the device location, contacts, texts, calls logs, emails and even microphone.

Apple fixed these three vulnerabilities within ten days after being informed by two security firms, Citizen Lab and Lookout, who conducted a joint investigation.

Background Story: Malware Discovery

Mansoor, 46, ‘Martin Ennals Award’ winner from the United Arab Emirates, received a text message on his iPhone on August 10, from an unknown number.

Mansoor found the message suspicious and knowing that government hackers had already targeted him in the past, he forwarded that message directly to Citizen Lab researcher Bill Marczak.

Citizen Lab brought in Lookout, a San Francisco mobile security company, to help examine the message.

After analyzing the message content, the researchers found that the link led to a sophisticated piece of malware that exploited three different unknown flaws in Apple’s iOS that would have allowed the attackers to get complete control of Mansoor’s iPhone.

https://imgur.com/a/1WpJ8

Those links, if clicked, "Mansoor’s iPhone would have been turned into a sophisticated bugging device controlled by UAE security agencies," the Citizen Lab explained in a blog post.

"They would have been able to turn on his iPhone’s camera and microphone to record Mansoor and anything nearby, without him being wise about it. They would have been able to log his emails and calls — even those that are encrypted end-to-end. And, of course, they would have been able to track his precise whereabouts."

According to a blog post published by Lookout, the three zero-day flaws, dubbed "Trident" by the firm, involved:

1. A memory corruption vulnerability in WebKit that could allow hackers to exploit a device when a user clicks on a malicious link.

2. Two kernel bugs (allowing device jailbreak) that an attacker secretly installs malware on victim’s device to carry out surveillance.

Apple released the patch update, iOS 9.3.5, on Thursday, and labeled it "important," advising its users to install the latest version of iOS as soon as possible to protect their devices against these potential security exploits.

You can install the security update over-the-air (OTA) via your iPhone or iPad's settings.

Credits: http://thehackernews.com/2016/08/apple-security-update.html?m=1

Rook · August 25, 2016

So you're safe as long as you don't get that link?

Jake1test1 · August 25, 2016

yeah your safe as long you dont get the link ( i think)?

Amuyea · August 25, 2016

Bravo Apple

Kizzy · August 25, 2016

So you're safe as long as you don't get that link?

just dont click on it i believe

Joe Exotic · August 25, 2016

So you're safe as long as you don't get that link?

yeah your safe as long you dont get the link ( i think)?

I think it's any link because anyone can just change it. Just don't click on any links you don't trust

Jake1test1 · August 25, 2016

just dont click on it i believe

oh k.

August 25, 2016

Lol Im going to the link

vrtxf · August 26, 2016

There are no links you can trust, it's the internet.

Simply put it's enough for you to visit a website with a malformed AD.

I'm sure you guys know that clicking a link = making a request.

There is a solution inside certificates and encryption to the point where you need to "target" specific individuals to infect them but the state it is described in right now there is no way to consistently protect yourself. Considering that once you are infected you can't trust your device disconnecting from the internet isn't even a solution ...

To point out something that would enable you to know when / if you are infected, the solution is to have all your traffic monitored at all time. I'm working on doing that for myself right now and will bundle it somehow along the tutorial posts

I'm really excited about "HACKERLAND 2017" !!! It's going to be an interesting year

PS: If I had this hack the first thing I would do would be to find lots of websites (forums in special) where a lot of mobile users spend their time, make a really nice rich text signature that is actually just an image that is behind a processor that checks your user agent. I'm sure you can guess the rest

PS2: If the hack requires you to actually manually open the link in a new tab then yeah (maybe) it can be avoided if someone doesn't figure out some neat XSS / popup. Otherwise I think it's safe to say we're all doomed =))