September 2, 2016
Security Alert: Apple Just Patched Trident in Macs, Too
In the process of researching and disclosing the Trident iOS vulnerabilities, Lookout and our partners discovered another detail: these three software holes were present in Apple’s Mac computers, as well.
Mobile devices and PCs are being attacked in similar ways. The devices can have the same vulnerabilities and face very similar attacks. As mobile devices become the primary computing device people use for their work, enterprises will need to have the same security protection and incident response measures on both platforms.
We worked directly with Apple to patch the vulnerabilities, and allowed sufficient time for the patch to be distributed before disclosing. You can see Apple’s patch notification here.
Lookout originally found the vulnerabilities in iOS devices, as part of an incredibly sophisticated mobile attack called Pegasus (which Lookout worked with the researchers at Citizen Lab to uncover). The Pegasus attack would allow an attacker to spy on victims, including accessing messages, calls, emails, logs, existing apps on the device, and more. While we have only seen an organized attack against iOS mobile devices, an attack could exist for Macs.
The vulnerabilities on iOS were listed under the following CVEs:
- CVE-2016-4655: Information leak in Kernel – A kernel base mapping vulnerability that leaks information to the attacker, allowing him to calculate the kernel’s location in memory.
- CVE-2016-4656: Kernel Memory corruption leads to Jailbreak – 32- and 64-bit iOS kernel-level vulnerabilities that allow the attacker to silently jailbreak the device and install surveillance software.
- CVE-2016-4657: Memory Corruption in WebKit – A vulnerability in the Safari WebKit that allows the attacker to compromise the device when the user clicks on a link.
Interested in learning more about Trident, the Pegasus attack, and how it impacts your company? Contact us.