Security Bulletin: iOS “Pegasus” Malware and iOS 9.3.5 Security Update

On Aug. 25, 2016,  Apple announced updates to address security vulnerabilities in iOS version 9.3.4 and earlier. The affected components include the iOS kernel and WebKit.

The vulnerabilities can result in jailbreak, remote code execution, and memory corruption.  Security researchers at Lookout, Inc. have identified a high risk malware application, called “Pegasus”, that uses the vulnerabilities to compromise user devices.

MobileIron recommends that users update to iOS version 9.3.5 or later to obtain the necessary security patches. The security researchers have confirmed that the iOS patches prevent the vulnerabilities from being exploited.

Three vulnerabilities were patched in iOS 9.3.5.  The vulnerabilities are referred to collectively as “Trident”.  The reported CVE identifiers include:

  • CVE-2016-4655: An application may be able to disclose kernel memory.
  • CVE-2016-4656: An application may be able to execute arbitrary code with kernel privileges.
  • CVE-2016-4657: Visiting a maliciously crafted website may lead to arbitrary code execution.

Detection of Pegasus Jailbreak:

According to the security researchers at Lookout, EMM vendors cannot currently detect the Pegasus jailbreak. At this time, the only known method to detect Pegasus is to use products from Lookout.

Source: http://blaud.com/blog/pegasus-malware-ios-9-3-5-security-update_lookout_mobileiron