
Apple released an emergency update for iOS (iOS 9.3.5) that fixes three critical 0-day vulnerabilities with the identifiers CVE-2016-4655, CVE-2016-4656 and CVE-2016-4657. What makes these vulnerabilities notable is that attackers used them in targeted attacks to gain remote access to the device with maximum privileges. The use of three 0-day vulnerabilities for iOS in a single attack is itself unprecedented. The cyber attack was discovered by specialists from two companies: Lookout and Citizen Lab. The bundle of three exploits is called Trident, and the malware it installs is Pegasus. This bundle compromises any device running iOS below version 9.3.5, regardless of whether a jailbreak is installed on it. One of the vulnerabilities makes it possible to disable the code-signature check in iOS and perform a remote jailbreak.
As already mentioned, the exploit chain uses three vulnerabilities in iOS.
- The first stage uses the Remote Code Execution (RCE) vulnerability CVE-2016-4657 in the WebKit browser engine, which allows code to be executed remotely on the device by means of a specially crafted web page. In this case, the victim receives a link to the web page in an SMS message.
- Next, the chain uses the Security Feature Bypass (SFB) vulnerability CVE-2016-4655, which allows Kernel ASLR (KASLR) to be bypassed and reveals the kernel's virtual address in iOS memory.
- The last stage uses the Local Privilege Escalation (LPE) vulnerability CVE-2016-4656; its exploitation code is given the kernel address disclosed in the previous stage. At this stage the exploit can run its own code in kernel mode and disable the code-signature check of applications launched in iOS (that is, perform a jailbreak), which makes it possible to run malicious software on the device.
The original message with a malicious link.
The attackers chose the well-known human rights defender Ahmed Mansoor as the target of the cyber attack; he received SMS messages with malicious links on his iPhone.
Note that the described exploit is exactly the kind for which Zerodium offered to pay $1 million: an exploit capable of a remote jailbreak.
This attack is a major exception to everything previously observed for Apple's highly secure iOS mobile OS. The number of known malware families for iOS is only about a dozen, and almost all of them target devices with a jailbreak installed. As for exploits, until this moment it was impossible to recall any in-the-wild cyber attack that used exploits to remotely install code on iOS.
We recommend that users install iOS 9.3.5 as soon as possible. To check for the update and install it, go to Settings > General > Software Update.
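For a fleet rather than a single phone, the same recommendation becomes a triage over device inventory: anything below 9.3.5 is still exposed to the three CVEs. The script below is an added example for this post, not code from Apple, Lookout or Citizen Lab; the inventory records are constructed and the field names `name` and `os_version` are an assumption about an MDM export. It compares versions numerically so that, for example, 9.10 is correctly treated as newer than 9.3.5.

```python
"""Flag iOS devices still exposed to the Trident chain (CVE-2016-4655,
CVE-2016-4656, CVE-2016-4657), which Apple fixed in iOS 9.3.5.

Added example; the inventory below is constructed and the record
field names are an assumption about a typical MDM export."""
from typing import Optional

PATCHED = (9, 3, 5)  # first iOS release that fixes all three CVEs


def parse_version(text: str) -> Optional[tuple]:
    """Turn '9.3.4' into (9, 3, 4); pad short versions so '9.3' == (9, 3, 0).
    Returns None for anything that is not a dotted numeric version."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))  # no padding added when len >= 3


def is_vulnerable(version: str) -> Optional[bool]:
    """True if the version predates 9.3.5. Compares tuples, not strings,
    so '9.10' sorts above '9.3.5'. None when the string cannot be parsed."""
    v = parse_version(version)
    if v is None:
        return None
    return v < PATCHED


def triage(inventory):
    """Split an MDM-style inventory into exposed, patched and unparseable devices."""
    result = {"exposed": [], "patched": [], "unknown": []}
    for dev in inventory:
        state = is_vulnerable(dev["os_version"])
        bucket = "unknown" if state is None else ("exposed" if state else "patched")
        result[bucket].append(dev["name"])
    return result


# Constructed sample inventory
SAMPLE = [
    {"name": "iphone-01", "os_version": "9.3.4"},
    {"name": "iphone-02", "os_version": "9.3.5"},
    {"name": "iphone-03", "os_version": "9.3"},
    {"name": "ipad-01", "os_version": "10.0.1"},
    {"name": "ipad-02", "os_version": "unknown"},
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    for name in report["exposed"]:
        print(f"{name}: update to iOS 9.3.5 or later")
    print(report)
```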
Stay secure.