Pierluigi Paganini August 26, 2016

Apple has patched the three vulnerabilities just ten days after the security experts from Citizen Lab and Lookout reported them to the company.

Experts from Lookout identified the targeted attack as Pegasus as explained in a detailed blog post.

“Pegasus is the most sophisticated attack we’ve seen on any endpoint because it takes advantage of how integrated mobile devices are in our lives and the combination of features only available on mobile — always connected (WiFi, 3G/4G), voice communications, camera, email, messaging, GPS, passwords, and contact lists. It is modular to allow for customization and uses strong encryption to evade detection.” states the blog post published by Lookout., the three zero-day flaws, dubbed ”

The three zero-day vulnerabilities, dubbed “Trident,” exploited in the attack are:

• CVE-2016-4655: Information leak in Kernel – A kernel base mapping vulnerability that leaks information to the attacker allowing him to calculate the kernel’s location in memory.
• CVE-2016-4656: Kernel Memory corruption leads to Jailbreak – 32 and 64 bit iOS kernel-level vulnerabilities that allow the attacker to silently jailbreak the device and install surveillance software.
• CVE-2016-4657: Memory Corruption in Webkit – A vulnerability in the Safari WebKit that allows the attacker to compromise the device when the user clicks on a link.

Mansoor, who won the ‘Martin Ennals Award’ in the United Arab Emirates, received a text message on his iPhone on August 10. The message was sent from an unknown number.

Mansoor found the message very suspicious and forwarded the message to Bill Marczak, researcher at the Citizen Lab that conducted a joint investigation with mobile security firm Lookout.

The message embedded a link to a high-sophisticated spyware the was designer to exploit the flaws fixed by Apple.