In the process of researching and disclosing the Trident iOS vulnerabilities, Lookout and our partners discovered another detail: these three software holes were present in Apple’s Mac computers as well. Mobile devices and PCs are being attacked in similar ways. Both kinds of device can have the same vulnerabilities and be subject to very similar attacks. As mobile devices become the primary computing device people use for their work, enterprises will need to have the same security protection and incident response measures on both platforms.
We worked directly with Apple to patch the vulnerabilities, and allowed sufficient time for the patch to be distributed before disclosing. You can see Apple’s patch notification here.
Lookout originally found the vulnerabilities in iOS devices, as part of an incredibly sophisticated mobile attack called Pegasus (which Lookout worked with the researchers at Citizen Lab to uncover). The Pegasus attack would allow an attacker to spy on victims, including accessing messages, calls, emails, logs, existing apps on the device, and more. While we have only seen an organized attack against iOS mobile devices, an attack could exist for Macs.
The vulnerabilities on iOS were listed under the following CVEs: