Apple has released emergency OS X security updates to tackle three zero-day vulnerabilities that are being actively exploited. The updates address the “Trident vulnerabilities”, which are currently being used by the Israeli firm NSO Group Technologies. According to security researchers from Lookout Security and Citizen Lab, the exploits, which were discovered last week, could well have been weaponized and used to attack iOS and OS X devices.
All users have been advised to install the emergency OS X security updates as soon as possible to ensure their devices are protected from attack.
For the vulnerabilities to be exploited, a targeted user must be convinced to visit a malicious webpage. As recent research by Wombat has shown, phishing campaigns can be highly effective and many users click on the links sent to them via email. If the target opens the link in the Safari browser, arbitrary code can be run, an application can be run on the device with kernel privileges, or an application can be run that discloses kernel memory.
Each of the three vulnerabilities could be leveraged to allow spyware to be installed on the targeted device, or any form of malware for that matter. A malicious actor could also use the vulnerabilities to gain full control of the victim’s device.
The exploits were discovered by Citizen Lab, which was forwarded a phishing email by UAE-based human rights activist Ahmed Mansoor. In this case, the activist was targeted with a spear-phishing email which was believed to have come from the NSO Group. According to Citizen Lab, “Mansoor received SMS text messages on his iPhone promising ‘new secrets’ about detainees tortured in UAE jails if he clicked on an included link.” He smelled a rat and forwarded the email.
Citizen Lab said that if the link had been clicked, it would have resulted in spyware being downloaded onto Mansoor’s iPhone. This would have enabled the attackers to use the microphone and camera on the device to spy on Mansoor’s activities. It would also have enabled the attackers to listen in to Mansoor’s WhatsApp conversations and Viber calls, as well as track him.
NSO Group sells cyber weapons to governments to allow them to spy on individuals. It has been hypothesized that Mansoor was targeted by the group on behalf of the UAE government.
The emergency OS X security updates (2016-001 El Capitan / 2016-005 Yosemite) prevent the exploits from being used to gain access to Macs. The iOS security updates resolving the vulnerabilities were released last week.