Security Bulletin: iOS “Pegasus” Malware and iOS 9.3.5 Security Update

On Aug. 5, 2016,  announced to address vulnerabilities in 9.3.4 and earlier. The affected components include the iOS kernel and WebKit.

The vulnerabilities can result in jailbreak, remote code execution, and memory corruption. Researchers at Lookout, Inc. have identified a high-risk malware application, called “Pegasus”, that uses the vulnerabilities to compromise user devices.

MobileIron recommends that users to version or later to obtain the necessary patches. The security researchers have confirmed that the patches prevent the vulnerabilities from being exploited.

Three vulnerabilities were patched in 9.3.5. The vulnerabilities are referred to collectively as “Trident”. The reported CVE identifiers include:

  • CVE-2016-46: An application may be able to disclose kernel memory.
  • CVE-2016-4656: An application may be able to execute arbitrary code with kernel privileges.
  • CVE-2016-4657: Visiting a maliciously crafted website may lead to arbitrary code execution.

Detection of Jailbreak:

According to the researchers at Lookout, EMM vendors cannot currently detect the jailbreak. At this time, the only known method to detect Pegasus is to use products from Lookout.

Source: http://blaud.com/blog/pegasus-malware-ios-9-3-5-security-update_lookout_mobileiron
