Today, Apple released the iOS 9.3.5 out-of-band security update, which fixes vulnerabilities that allow attackers to remotely jailbreak an iPhone in order to install spyware. First discovered by Citizen Lab and Lookout, these vulnerabilities, called Trident, are being used by attackers to install the malware on the target's iPhone.
The attack is simple: the attacker sends the target a phishing text containing a link and tries to convince the target to visit it. Once the target opens the link, they are taken to a site that contains an exploit kit, which remotely jailbreaks the phone and installs the Pegasus spyware kit.
Citizen Lab and Lookout learned about this attack when human rights activist Ahmed Mansoor sent Citizen Lab a suspicious text that he had received:
Ahmed Mansoor is an internationally recognized human rights defender and a Martin Ennals Award Laureate (sometimes referred to as a “Nobel prize for human rights”), based in the United Arab Emirates (UAE). On August 10th and 11th, he received text messages promising “secrets” about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. Recognizing the links as belonging to an exploit infrastructure connected to NSO group, Citizen Lab collaborated with Lookout to determine that the links led to a chain of zero-day exploits that would have jailbroken Mansoor’s iPhone and installed sophisticated malware.