Helient Systems :

By Michael Trantas, Senior Solutions Architect

Apple recently released iOS version 9.3.5 and everyone should be updating – now. This update patches three specific vulnerabilities – CVE-2016-4655, CVE-2016-4656 and CVE-2016-4657. This trio of vulnerabilities, known as “Trident” can deliver and install Pegasus – malware that creates a backdoor, allowing an attacker a persistent presence on the device.

The three vulnerabilities that Trident is comprised of can:

1. Allow an attacker to execute code via the Safari browser, via a link in an e-mail or SMS message. Clicking this link executes the code to install the second vulnerability.
2. This vulnerability leaks a memory address in the kernel, which allows the kernel to be mapped out and help the attacker figure out various kernel memory addresses. These memory addresses are then exploited and trigger the third vulnerability.
3. This vulnerability allows the attacker to execute the malicious code at the kernel level, essentially jailbreaking the iOS and installing Pegasus – the backdoor the finally gives them complete control of the device with more authority than the user.

This update is considered critical due to a known strain of this malware discovered by a group known as The Citizen Lab, based out of University of Toronto, Canada. Studies are also showing that 75% of mobile endpoints that access protected corporate resources are running outdated versions of iOS and potentially vulnerable to these exploits.

Helient Systems advises that all of our clients upgrade their Apple devices to iOS version 9.3.5 as soon as possible to prevent these vulnerabilities from being exploited. If you have any questions or would like to request more information on this topic, please contact us at service@helient.com.