One-sentence summary – Apple Inc. has released security patches to address three zero-day vulnerabilities in its software, which were used to deliver the Predator spyware targeting Ahmed Eltantawy, a former Egyptian member of parliament, with evidence suggesting the Egyptian government’s involvement in the attack.
At a glance
- Apple released security patches on September 21, 2023, to address three zero-day vulnerabilities in its software.
- The vulnerabilities were part of an iPhone exploit chain used to deliver spyware named Predator.
- The spyware specifically targeted Ahmed Eltantawy, a former Egyptian member of parliament.
- The Egyptian government is believed to be behind the attack.
- The spyware was delivered through links sent via SMS and WhatsApp.
The details
Apple Inc. released security patches on September 21, 2023, to address three zero-day vulnerabilities in its software.
These vulnerabilities were part of an iPhone exploit chain used to deliver spyware named Predator.
The spyware specifically targeted Ahmed Eltantawy, a former Egyptian member of parliament.
The Egyptian government is believed to be behind the attack.
The spyware was delivered through links sent via SMS and WhatsApp.
Eltantawy’s mobile connection was persistently targeted using network injection.
The exploit chain used three vulnerabilities, allowing the attacker to bypass certificate validation, elevate privileges, and achieve remote code execution.
Predator, the surveillance tool used, is developed by Cytrox.
Predator is similar to NSO Group’s Pegasus.
The U.S. government blocklisted Predator in July 2023.
The attack was hosted on the domain sec-flare[.]com, using a network injection attack via Sandvine’s PacketLogic middlebox.
This attack intercepted HTTP traffic and redirected victims to a different site operated by the threat actor.
Eltantawy received SMS messages posing as security alerts from WhatsApp.
Shortly after he read one of these messages, the Predator spyware was installed on his device.
He also received WhatsApp messages soliciting his opinion on an article that directed him to the website sec-flare[.]com.
Google’s Threat Analysis Group (TAG) detected an exploit chain using a remote code execution flaw in the Chrome web browser to deliver Predator on Android devices.
It is suspected that the vulnerability used in this exploit chain may have been a zero-day.
The discoveries highlight the abuse of surveillance tools and vulnerabilities within the telecom ecosystem.
Users are advised to keep their devices up-to-date and enable Lockdown Mode to protect against such spyware threats.
Security researchers found that the three zero-day vulnerabilities patched by Apple were used to install Cytrox’s Predator spyware.
The attackers targeted Ahmed Eltantawy, a former Egyptian MP who had announced plans to join the Egyptian presidential election in 2024.
The attackers exploited the bugs between May and September 2023, using decoy SMS and WhatsApp messages.
Eltantawy’s mobile connection was targeted via network injection when he visited certain websites without HTTPS.
To compromise iOS devices, the attackers used an exploit chain, including remote code execution in Safari, signature validation bypass, and kernel privilege escalation.
On Android devices in Egypt, a separate exploit chain was used, exploiting a Chrome bug to drop the Predator spyware.
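Network injection of the kind described above can only rewrite traffic the middlebox is able to read and modify, which is why it was tied to sites visited over plaintext HTTP. As an added example that is not part of the original article or its sources, the heuristic below scans a constructed proxy-style log for plaintext requests that were answered with a redirect off the origin’s registrable domain; the log layout, field names and domains are assumptions.

```python
"""Flag plaintext-HTTP requests answered with a redirect to a foreign domain.

Added example, not from the original article. The log records below are
constructed for illustration; their layout is an assumption.
"""
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed sample records: (requested URL, response status, Location header)
SAMPLE_LOG: List[Tuple[str, int, Optional[str]]] = [
    ("http://news.example/article/1", 200, None),
    ("http://news.example/article/2", 302, "http://www.news.example/article/2"),
    ("http://weather.example/today", 302, "https://injected.example/lp?u=1"),
    ("https://bank.example/login", 302, "https://elsewhere.example/x"),
]


def registrable_domain(host: str) -> str:
    """Crude eTLD+1 (last two labels). Production code should use a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_injection_candidate(url: str, status: int, location: Optional[str]) -> bool:
    """True when an unencrypted request got a 3xx pointing at a different domain.

    An on-path middlebox can answer a plaintext request before the real server
    does, typically with a redirect to an attacker-controlled host. Requests made
    over HTTPS are excluded: the middlebox cannot read or rewrite them.
    """
    req = urlparse(url)
    if req.scheme != "http" or not (300 <= status < 400) or not location:
        return False
    target = urlparse(location)
    if not target.hostname:
        return False  # relative redirect: stays on the same host
    return registrable_domain(target.hostname) != registrable_domain(req.hostname or "")


def find_candidates(records: List[Tuple[str, int, Optional[str]]]) -> List[str]:
    """Return the requested URLs whose responses look like injected redirects."""
    return [url for url, status, loc in records if is_injection_candidate(url, status, loc)]


if __name__ == "__main__":
    for hit in find_candidates(SAMPLE_LOG):
        print("possible injected redirect on plaintext request:", hit)
```

Only the plaintext request that was bounced to an unrelated domain is reported; same-domain redirects and anything over HTTPS are ignored.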
Apple’s Security Engineering & Architecture Team confirmed that Lockdown Mode would have blocked the attack.
Citizen Lab, a research group, urged Apple users to install emergency security updates and enable Lockdown Mode.
The network injection attack has been attributed to the Egyptian government with high confidence.
Citizen Lab also disclosed two other zero-day vulnerabilities that were part of a zero-click exploit chain used to infect iPhones with NSO Group’s Pegasus spyware.
Since January 2023, Apple has fixed a total of 16 zero-day vulnerabilities.
Apple has released security patches to address the three zero-day flaws in its software, impacting iOS, iPadOS, macOS, watchOS, and Safari.
Apple has not provided specific details about these flaws, but acknowledges the possibility of active exploitation.
The updates are available for various devices and operating systems.
These vulnerabilities were discovered and reported by researchers from Citizen Lab and Google’s Threat Analysis Group.
There is evidence to suggest that two of the vulnerabilities may be related.
The libwebp library, which contains one of the vulnerabilities, is used in various operating systems and software packages.
While the bug has been patched in the upstream libwebp, it may take time for the patch to reach all affected systems.
This disclosure follows Apple’s recent resolution of two other zero-day flaws as part of a spyware exploit chain known as BLASTPASS.
Google and Mozilla have also released fixes for a security flaw that could lead to arbitrary code execution.
The recent security patches by Apple have addressed three zero-day flaws used to deliver the Predator spyware.
These incidents highlight the need for users to remain vigilant, keep their devices updated, and utilize security features like Lockdown Mode to protect against potential spyware threats.
Article X-ray
Here are all the sources used to create this article:
In this section, every fact in the article is linked to its original source.
If you suspect that the article contains incorrect information, you can use this section to trace where the information came from.
thehackernews.com
- Apple addressed three zero-day flaws on September 21, 2023.
- The flaws were part of an iPhone exploit chain used to deliver spyware called Predator.
- The spyware targeted former Egyptian member of parliament Ahmed Eltantawy.
- The attack was attributed to the Egyptian government.
- The spyware was delivered via links sent on SMS and WhatsApp.
- Eltantawy’s mobile connection was persistently targeted via network injection.
- The exploit chain leveraged three vulnerabilities that allowed for bypassing certificate validation, elevating privileges, and achieving remote code execution.
- Predator is a surveillance tool made by Cytrox, similar to NSO Group’s Pegasus.
- Predator was blocklisted by the U.S. government in July 2023.
- The exploit was hosted on the domain sec-flare[.]com.
- The exploit used a network injection attack using Sandvine’s PacketLogic middlebox.
- The attack intercepted HTTP traffic and redirected the victim to a different site operated by the threat actor.
- Eltantawy received SMS messages masquerading as security alerts from WhatsApp.
- The Predator spyware was installed on the device shortly after Eltantawy read one of the messages.
- Eltantawy received WhatsApp messages soliciting his opinion on an article that pointed to the website sec-flare[.]com.
- Google TAG detected an exploit chain that used a remote code execution flaw in the Chrome web browser to deliver Predator on Android devices.
- The vulnerability used in the exploit chain may have been a zero-day.
- The findings highlight the abuse of surveillance tools and vulnerabilities in the telecom ecosystem.
- Users are advised to keep their devices up-to-date and enable Lockdown Mode to protect against spyware threats.
bleepingcomputer.com
- Security researchers have discovered that three zero-day vulnerabilities patched by Apple were used to install Cytrox’s Predator spyware.
- The attackers targeted former Egyptian MP Ahmed Eltantawy after he announced plans to join the Egyptian presidential election in 2024.
- The bugs were exploited between May and September 2023 using decoy SMS and WhatsApp messages.
- Eltantawy’s mobile connection was targeted via network injection when he visited certain websites without HTTPS.
- The attackers used an exploit chain on iOS devices, including remote code execution in Safari, signature validation bypass, and kernel privilege escalation.
- A separate exploit chain was used to drop Predator spyware on Android devices in Egypt, exploiting a Chrome bug.
- Apple’s Security Engineering & Architecture Team confirmed that Lockdown Mode would have blocked the attack.
- Citizen Lab urged Apple users to install emergency security updates and enable Lockdown Mode.
- The network injection attack is attributed to the Egyptian government with high confidence.
- Two other zero-days were disclosed by Citizen Lab, which were used in a zero-click exploit chain to infect iPhones with NSO Group’s Pegasus spyware.
- Apple has fixed a total of 16 zero-days since January 2023.
thehackernews.com
- Apple has released security patches to address three zero-day flaws in its software.
- The vulnerabilities impact iOS, iPadOS, macOS, watchOS, and Safari.
- This brings the total number of zero-day bugs discovered in Apple’s software this year to 16.
- Apple has not provided specific details about the flaws but acknowledged that they may have been actively exploited.
- The updates are available for various devices and operating systems.
- The flaws were discovered and reported by researchers from Citizen Lab and Google’s Threat Analysis Group.
- The vulnerabilities may have been used in targeted spyware attacks against individuals at risk.
- This disclosure comes after Apple recently resolved two other zero-day flaws that were part of a spyware exploit chain called BLASTPASS.
- Google and Mozilla also released fixes for a security flaw that could lead to arbitrary code execution.
- There is evidence to suggest that two of the vulnerabilities may be related.
- The libwebp library, which contains one of the vulnerabilities, is used in various operating systems and software packages.
- The bug has been patched in the upstream libwebp, but it may take time for the patch to reach all affected systems.