Predator exploit patched in iPhones, iPads

2023-09-25

After Egyptian MP targeted.

Apple has rolled out an out-of-cycle patch after Google and Citizen Lab discovered an exploit chain used in Intellexa’s Predator spyware.

The three exploited bugs are CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993.

“Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7”, Apple said in its advisory.

Google’s Threat Analysis Group explained that the exploit chain starts with CVE-2023-41993, a Safari bug that lets a man-in-the-middle (MITM) redirect HTTP (not HTTPS) traffic to an attacker-controlled website.

The attacker can then force remote code execution on the victim’s iPhone or iPad.

CVE-2023-41991, a pointer authentication code (PAC) vulnerability, was the second exploit in the chain. Google did not provide detail on how the PAC bug was exploited.

Finally, the attackers took advantage of CVE-2023-41992 to escalate their privilege in the kernel.

With the target device compromised, Google wrote, a small payload was run to decide whether or not to install “the full Predator implant”.

Google promises a full technical analysis of the exploit chain at some point in the future.

Apple attributes discovery of the vulnerabilities to Google Threat Analysis Group’s Maddie Stone and Bill Marczak of The Citizen Lab at Toronto University.

The Citizen Lab on Friday published a report saying Predator had been deployed against Egyptian MP Ahmed Eltantawy, who in August announced his intention to run as a candidate in the country’s 2024 presidential election.

The report said the MITM was implemented as “a device installed at the border of Vodafone Egypt’s network”.

The Citizen Lab got involved when Eltantawy started to suspect his phone had been attacked and asked the university group for assistance.

The lab also identified two websites used by the zero-day chain: sec-flare[dot]com, which hosted the attack code; and verifyurl[dot]me, contacted by the malware during the attack.

While Google was unable to “capture the full Predator implant”, enough code was analysed that The Citizen Lab attributed it to Predator with “high confidence, based on comparing the payload with the 2021 sample of Predator we obtained.”

Google’s post added that it also observed a zero-day in Android that took advantage of CVE-2023-4762, which was patched earlier this month.

Copyright © iTnews.com.au . All rights reserved.