Exploits patched by Apple today hint at years of surreptitious government hacks

August 25, 2016

You’ll want to be updating your iOS devices to 9.3.5, the version released today by Apple — especially if you’re a prominent human rights activist. A recently thwarted attack on just such a person employed not one but three zero-day exploits addressed by the patch. The subsequent investigation suggests these were the work of a shadowy cybersecurity company whose software may have been used for years by governments looking to compromise political targets.

Ahmed Mansoor, an award-winning activist based in the UAE, received some suspicious text messages two weeks ago promising information on detainees being tortured — but Mansoor, who has been targeted multiple times in the past by high-profile “lawful intercept” tools, decided instead to send the text to Canadian security research organization Citizen Lab.

Assisted by Lookout Security, Citizen Lab went down the rabbit hole, and found it much deeper than expected.

The text messages were a trap, of course, but one of unprecedented complexity. That single link would have leveraged three separate and highly serious exploits in iOS — executing arbitrary code through WebKit, gaining access to the kernel, and then executing code within the kernel. It’s rare enough to find a zero-day in the wild, let alone three at once.

The result would have been a one-step jailbreak with malicious code injected under the hood — granting complete access to all the phone’s data and communications. This triple threat of exploits building on one another gained the appropriate moniker “Trident.”

Read full story…