Today, Lookout is releasing the technical details behind “Trident,” a series of iOS vulnerabilities that allow an attacker to remotely jailbreak a target user’s device and install spyware. In August, Lookout, in conjunction with Citizen Lab, discovered “Pegasus,” a sophisticated piece of mobile spyware used by nation-state actors to surveil high-value targets. NSO Group, the so-called “cyber arms dealer,” created the spyware, which, at the time, relied on the three Trident vulnerabilities to remotely and silently compromise a device. Lookout and Citizen Lab worked directly with Apple to close the holes and cripple this attack vector used by Pegasus for the compromise.
In the process, Lookout and Citizen Lab also identified a related vulnerability in Mac OS, which Apple quickly patched as well.
Below you can find the full technical details behind the vulnerabilities. Want more background on the Pegasus malware? Microsoft noted in a blog, “Many security firms described it as the most sophisticated attack they’ve seen on any endpoint.” Check out our coverage of the Pegasus attack and Trident vulnerabilities, including our original technical report and analysis for CSOs and CIOs.
The technical report covers the following:
Special thanks to Max Bazaliy, Cris Neckar, Greg Sinclair, in7egral, and the Lookout Security Research team for their work and research into these vulnerabilities.