Threat Intelligence

September 2, 2016

min read

Security Alert: Apple Just Patched Trident in Macs, Too

In the process of researching and disclosing the Trident iOS vulnerabilities, Lookout and our partners discovered another detail: these three software holes were present in Apple’s Mac computers, as well.Mobile devices and PCs are being attacked in similar ways. The devices can have the same vulnerabilities and very similar attacks. As mobile devices become the primary computing device people use for their work, enterprises will need to have the same security protection and incident response measures on both platforms.

We worked directly with Apple to patch the vulnerabilities, and allowed sufficient time for the patch to be distributed before disclosing. You can see Apple’s patch notification here.

Lookout originally found the vulnerabilities in iOS devices, as part of an incredibly sophisticated mobile attack called Pegasus (which Lookout worked with the researchers at Citizen Lab to uncover). The Pegasus attack would allow an attacker to spy on victims include accessing messages, calls, emails, logs, existing apps on the device, and more. While we have only seen an organized attack against iOS mobile devices, an attack could exist for Macs.

The vulnerabilities on iOS were listed under the following CVEs:

  • CVE-2016-4655: Information leak in Kernel – A kernel base mapping vulnerability that leaks information to the attacker allowing him to calculate the kernel’s location in memory.
  • CVE-2016-4656: Kernel Memory corruption leads to Jailbreak – 32 and 64 bit iOS kernel-level vulnerabilities that allow the attacker to silently jailbreak the device and install surveillance software.
  • CVE-2016-4657: Memory Corruption in Webkit – A vulnerability in the Safari WebKit that allows the attacker to compromise the device when the user clicks on a link.

Interested in learning more about Trident, the Pegasus attack, and how it impacts your company? Contact us.