HKGalden Current Affairs Board
(How many people in Hong Kong politics got hit?) Apple phone operating system (iOS) security problem
August 25, 2016
Sophisticated, persistent mobile attack against high-value targets on iOS
By Lookout and Citizen Lab

Source link: Sophisticated, persistent mobile attack against high-value targets on iOS (https://blog.lookout.com/blog/2016/08/25/trident-pegasus/)

Citizen Lab (Munk School of Global Affairs, University of Toronto) and Lookout have uncovered an active threat using three critical iOS zero-day vulnerabilities that, when exploited, form an attack chain that subverts even Apple’s strong security environment. We call these vulnerabilities “Trident.” Our two organizations have worked directly with Apple’s security team, which was very responsive and immediately fixed all three Trident iOS vulnerabilities in its 9.3.5 patch.

All individuals should update to the latest version of iOS immediately. If you’re unsure what version you’re running, you can check Settings > General > About > Version. Lookout will send an alert to a customer’s phone any time a new update is available. Lookout’s products also detect and alert customers to this threat.
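The post names iOS 9.3.5 as the release that closes all three Trident vulnerabilities, so the practical fleet question is which devices still run something older. The following is an added example, not code from Lookout or Citizen Lab: it compares reported iOS versions numerically (plain string comparison would rank "9.3.10" and "10.0" below "9.3.5") against a constructed sample inventory.

```python
# Added example (not from the Lookout/Citizen Lab post): flag devices in a
# constructed inventory whose reported iOS version predates the 9.3.5 fix.
from typing import List, Tuple

TRIDENT_FIXED_IN = "9.3.5"  # release the post names as fixing all three CVEs


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '9.3.5' into (9, 3, 5) so versions compare numerically.
    String comparison would put '9.3.10' and '10.0' below '9.3.5'."""
    return tuple(int(part) for part in text.strip().split("."))


def is_patched(version: str, fixed_in: str = TRIDENT_FIXED_IN) -> bool:
    """True when `version` is at or above the release carrying the fix.
    Tuple comparison handles differing lengths: (9, 3) < (9, 3, 5)."""
    return parse_version(version) >= parse_version(fixed_in)


def unpatched_devices(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return the names of devices still running a pre-fix iOS build."""
    return [name for name, version in inventory if not is_patched(version)]


# Constructed sample inventory: (device name, iOS version as reported by MDM).
# Version numbers here are illustrative, chosen to exercise the ordering.
SAMPLE_INVENTORY = [
    ("ceo-iphone", "9.3.4"),
    ("press-ipad", "9.3.5"),
    ("legal-iphone", "9.3.10"),  # sorts below "9.3.5" as a string, but is newer
    ("field-iphone", "10.0"),
    ("old-iphone", "7.1.2"),
]

if __name__ == "__main__":
    for name in unpatched_devices(SAMPLE_INVENTORY):
        print(f"{name}: update to iOS {TRIDENT_FIXED_IN} or later")
```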

Trident is used in a spyware product called Pegasus, which according to an investigation by Citizen Lab, is developed by an organization called NSO Group. NSO Group is an Israel-based organization that was acquired by U.S. company Francisco Partners Management in 2010, and according to news reports specializes in “cyber war.” Pegasus is highly advanced in its use of zero-days, obfuscation, encryption, and kernel-level exploitation.

We have created two reports that discuss the use of this targeted attack against political dissidents and provide a detailed analysis of the malicious code itself. In its report, Citizen Lab details how attackers targeted a human rights defender with mobile spyware, providing evidence that governments digitally harass perceived enemies, including activists, journalists, and human rights workers. In its report, Lookout provides an in-depth technical look at the targeted espionage attack that is actively being used against iOS users throughout the world.
The Pegasus spyware

Pegasus is the most sophisticated attack we’ve seen on any endpoint because it takes advantage of how integrated mobile devices are in our lives and the combination of features only available on mobile — always connected (WiFi, 3G/4G), voice communications, camera, email, messaging, GPS, passwords, and contact lists. It is modular to allow for customization and uses strong encryption to evade detection. Lookout’s analysis determined that the malware exploits three zero-day vulnerabilities, or Trident, in Apple iOS:

CVE-2016-4655: Information leak in Kernel – A kernel base mapping vulnerability that leaks information to the attacker allowing him to calculate the kernel’s location in memory.

CVE-2016-4656: Kernel memory corruption leads to jailbreak – 32- and 64-bit iOS kernel-level vulnerabilities that allow the attacker to silently jailbreak the device and install surveillance software.

CVE-2016-4657: Memory Corruption in Webkit – A vulnerability in the Safari WebKit that allows the attacker to compromise the device when the user clicks on a link.


The attack sequence, boiled down, is a classic phishing scheme: send text message, open web browser, load page, exploit vulnerabilities, install persistent software to gather information. This, however, happens invisibly and silently, such that victims do not know they’ve been compromised.

In this case, the software is highly configurable: depending on the country of use and feature sets purchased by the user, the spyware capabilities include accessing messages, calls, emails, logs, and more from apps including Gmail, Facebook, Skype, WhatsApp, Viber, FaceTime, Calendar, Line, Mail.Ru, WeChat, SS, Tango, and others. The kit appears to persist even when the device software is updated and can update itself to easily replace exploits if they become obsolete.

We believe that this spyware has been in the wild for a significant amount of time based on some of the indicators within the code (e.g., a kernel mapping table that has values all the way back to iOS 7). It is also being used to attack high-value targets for multiple purposes, including high-level corporate espionage on iOS, Android, and Blackberry.


The Commies probably know how to play with this stuff too; there must be plenty of IT experts up there. Wonder how many people in Hong Kong got hit?
2016/09/19, 11:47:48 PM