Apple Slips out Trident Patches for Mac Users

Apple has issued patches for OS X and Safari to fix the three major ‘Trident’ vulnerabilities associated with a recent state-sponsored attempt to spy on a rights activist.

The tech giant already fixed iOS in its version 9.3.5 update last week, following revelations that the bugs were being exploited as part of a sophisticated spyware package dubbed ‘Pegasus.’

Now it appears that the same WebKit and kernel vulnerabilities are present in OS X.

Apple has issued an update for OS X Yosemite and El Capitan and a separate patch for Safari.

The three flaws in question are: CVE-2016-4655, a kernel base mapping vulnerability that leaks info, allowing an attacker to work out the kernel’s location in memory; CVE-2016-4656, a kernel-level flaw enabling an attacker to jailbreak the device and install spyware; and CVE-2016-4657, a Safari WebKit vulnerability which allows an attacker to compromise a device if the user clicks on a link.

News emerged of the spyware and the associated flaws last week after rights group Citizen Lab revealed activist Ahmed Mansoor was sent an unsolicited text message to his iPhone containing a suspicious-looking link.

The following investigation revealed that the chain of three zero-day vulnerabilities, dubbed ‘Trident,’ was designed to deliver the Pegasus spyware developed by Israel-based “cyber warfare” research firm NSO Group.

Lookout Security, which analyzed the malware, claimed it to be the “most sophisticated attack we’ve seen on any endpoint.”

Pegasus is designed to give a remote attacker access to virtually every function on a victim’s device including emails, texts, location, browsing history, device settings, IM, microphone, phone calls, and calendar records.

Mac users can download the updates from the Mac App Store.

Citizen Lab believes the United Arab Emirates is behind the targeting of Mansoor, who has apparently been on the receiving end of similar ‘lawful intercept’ malware several times before.
