Sophisticated, persistent attack identified against iPhone users

Lookout, Inc. said Thursday an active threat has been identified using three critical vulnerabilities in iPhone's operating system that, when exploited, form an attack chain that subverts Apple Inc.'s security environment.

The mobile security company based in San Francisco said in a blog on its website that it has joined Citizen Lab of University of Toronto to name the iOS zero-day vulnerabilities "Trident" and to work with Apple's security team, which in turn fixed all three iOS vulnerabilities in its 9.3.5 patch.

Trident is used in a spyware product called Pegasus, which according to an investigation by Citizen Lab, is developed by an organization called NSO Group, an Israeli-based organization that was acquired by U.S. company Francisco Partners Management in 2010, the Lookout blog noted, adding that news reports have identified NSO Group as specializing in "cyber war."

Pegasus is highly advanced in its use of zero-days, obfuscation, encryption and kernel-level exploitation. And NSO Group has allegedly used fake domains, impersonating sites such as the International Committee for the Red Cross, the British government's visa application processing website, and a wide range of news organizations and major technology companies in its operations.

Both Lookout and Citizen Lab have created reports to provide a detailed analysis of the malicious code of the spyware. And in its report, Lookout provides an in-depth technical look at the targeted espionage attack that is actively being used against iOS users throughout the world.

Promising that it will send out an alert any time a new update is available, Lookout recommended all iPhone users update their devices to the latest version of iOS immediately. Endit