For the first time a set of three different very critical zero day vulnerabilities in iOS has been identified. These vulnerabilities were being exploited by a cyber war company NSO Group to create a complex spyware for clients. These vulnerabilities were investigated and discovered by Citizen Lab and Lookout.
Lookout refers to these 3 vulnerabilities together as ‘Trident’. These vulnerabilities are severe in nature and can be used to remotely jailbreak iOS and install spyware on the phone.
The spyware which exploits Trident is called Pegasus. Once this spyware infects a mobile, it can spy on almost anything like calls, Camera, GPS tracking, messaging, Contact list, communication using 3rd party apps like WhatsApp, Viber etc. Trident has been declared most severe vulnerability known till date because it allows iOS to be jailbroken remotely just by going to a malicious website. Thus exploiter can bypass any security and hijack iPhone to spy on the user.
You can get more details about these findings here –
- Citizen Lab’s findings.
- Lookout’s Report on Trident Vulnerability.
The good news is that Lookout and Citizen Lab has worked with Apple and an emergency update has been released by Apple which will fix all three loopholes. This fix is available with iOS update 9.3.5.
Readers are strongly recommended to update their Apple devices with latest iOS update (v9.3.5), which fixes all three vulnerabilities. You can check more details about this update in Apple’s release note here.