Apple unequivocally condemns cyberattacks against journalists, human rights activists and others seeking to make the world a better place. For over a decade, Apple has led the industry in security innovation and, as a result, security researchers agree iPhone is the safest, most secure consumer mobile device on the market. Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.
NSO does not operate the systems that it sells to vetted government customers, and does not have access to the data of its customers' targets. NSO does not operate its technology, does not collect, nor possesses, nor has any access to any kind of data of its customers. Due to contractual and national security considerations, NSO cannot confirm or deny the identity of our government customers, as well as identity of customers of which we have shut down systems.
I hope that is over soon.
A message like this makes me realize again how naive we all are (myself included). Thinking that Apple keeps our devices safe, safeguards our privacy and generally does that better than other companies. Not so. 'We' don't stand a chance against these kinds of practices.
Has anything really changed since the arrival of the smartphone? As already mentioned, the secret services were already everywhere. With the arrival and use of computers and smartphones, the work may even have become easier for secret services.
Claudius, your wife is as ugly as night; nobody was interested in her. But since you gave her two bodyguards, she is actually starting to become desirable.
...and yes, yes, begrafenisondernemers (undertakers; a nice Flemish word, I suspect).
Of course this is of a different order, but my astonishment remains great. Unbelievable that Apple is not able to protect its OS against this.
For Apple, one option would be to buy Pegasus as well …
I'm afraid they would then have to substantially rewrite iOS, because as far as I can tell Pegasus doesn't work through a bug, or bugs, but uses the capabilities of iOS.
Pegasus uses a zero-day bug; that is also the reason this hack can be carried out without any user interaction.
But I suspect that those people at NSO have more knowledge of iOS in-house than Apple's group of programmers does, crazy as that may sound.
Has Apple's share price already dropped sharply after this news?
The kernel vulnerability known as CVE-2016-4656 was only still in the code because Apple patched CVE-2016-1828 in May 2016 without doing a security review of the code in question. In only 20 lines of code THREE codepaths existed that allowed UAF. Apple fixed only one of those paths although the other release() methods were clearly right next to it in the code. Furthermore the now released patch for PEGASUS shows that with a little redesign of the code Apple was able to fix all THREE problems at the same time. We consider it a huge oversight that this did not happen after the UAF had been reported by Brandon Azad in January. If Apple had fixed CVE-2016-1828 in a different way CVE-2016-4656 would never have been abusable in the wild. Unfortunately this is not the first time that Apple has botched security fixes. SektionEins has highlighted this troubling problem of Apple botching security patches over and over again for two years now. Not surprisingly highlighting this lack of QA of Apple's security patches has made us no friends at Apple and instead led to the termination of our SysSecInfo security application from the iOS AppStore. You can read the full story here. Final food for thought: Having looked into Brandon Azad's CVE-2016-1828 and PEGASUS' CVE-2016-4656 we believe that the kernel bug used in PEGASUS is harder to see (find) and harder to exploit than the bug found by Brandon Azad. This makes us believe that the exploit used in PEGASUS has not been written before the fix for CVE-2016-1828 had already been released, because otherwise the easier to exploit bug would have been found and chosen. This could mean that either CVE-2016-1828 had been used for previous incarnations of PEGASUS or that someone reversed CVE-2016-1828 and discovered that the fix was incomplete. But these are just guesses and our assumptions could be completely wrong.
Pointer Authentication Codes (PAC) is an ARMv8.3-A security feature that mitigates pointer tampering by storing a cryptographic signature of the pointer value in the upper bits of the pointer. Apple introduced PAC with the A12 and significantly hardened the implementation (compared to the ARM standard) in order to defend against attackers with kernel read/write, although for most purposes it is functionally indistinguishable. Apple's kernel uses PAC for control flow integrity (CFI), placing a security boundary between kernel read/write and kernel code execution. Despite numerous public bypasses of the iOS kernel's PAC-based CFI, PAC in the kernel is still an effective exploit mitigation: it has severely restricted exploitability of many bugs and killed some exploit techniques. For example, exploits in the past have used a kernel execute primitive in order to build a kernel read/write primitive (see e.g. ziVA); that is no longer possible on A12 without bypassing PAC first. Furthermore, extensive use of PAC-protected pointers in IOKit has made it significantly harder to turn many bugs into useful primitives. Given the long history of serious security issues in IOKit, this is a substantial win.
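A small software model of the mechanism the quoted passage describes (a signature over the pointer stored in its unused upper bits, checked before use), added here as an illustration; it is not Apple's or ARM's implementation and not part of the original post. The 48-bit address split, the toy MAC, the poison bit, the constructed key and address, and all function names are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Model assumption: 48-bit virtual addresses, so bits 48..63 are spare and
 * carry the signature. Real layouts depend on the configured address size. */
#define VA_MASK  ((UINT64_C(1) << 48) - 1)
#define PAC_MASK (~VA_MASK)

/* Toy keyed MAC over (key, address, modifier), built from the splitmix64
 * finalizer. NOT cryptographically secure; it only shows the data flow. */
static uint64_t mix64(uint64_t x) {
    x ^= x >> 30; x *= UINT64_C(0xBF58476D1CE4E5B9);
    x ^= x >> 27; x *= UINT64_C(0x94D049BB133111EB);
    return x ^ (x >> 31);
}
static uint64_t toy_mac(uint64_t key, uint64_t addr, uint64_t modifier) {
    return mix64(mix64(addr ^ key) + modifier);
}

/* Sign: place the truncated MAC in the spare upper bits of the pointer. */
uint64_t pac_sign(uint64_t key, uint64_t ptr, uint64_t modifier) {
    uint64_t addr = ptr & VA_MASK;
    return addr | (toy_mac(key, addr, modifier) & PAC_MASK);
}

/* Authenticate: recompute and compare. Failure yields a non-canonical
 * value, so a later use faults instead of following tampered data. */
int pac_auth(uint64_t key, uint64_t sp, uint64_t modifier, uint64_t *out) {
    uint64_t addr = sp & VA_MASK;
    int ok = (sp & PAC_MASK) == (toy_mac(key, addr, modifier) & PAC_MASK);
    *out = ok ? addr : (addr | (UINT64_C(1) << 62)); /* poison bit (model) */
    return ok;
}

/* Keep the old signature, move the address n times in 8-byte steps, and
 * count how many of the rewritten pointers still authenticate. */
int count_accepted_retargets(uint64_t key, uint64_t sp, uint64_t modifier, int n) {
    int accepted = 0;
    for (int i = 1; i <= n; i++) {
        uint64_t out, moved = (sp + 8 * (uint64_t)i) & VA_MASK;
        accepted += pac_auth(key, (sp & PAC_MASK) | moved, modifier, &out);
    }
    return accepted;
}

int main(void) {
    uint64_t key = UINT64_C(0x0123456789ABCDEF), out;  /* constructed values */
    uint64_t sp = pac_sign(key, UINT64_C(0x7F12345678A0), 7);
    printf("signed=%016llx auth=%d\n", (unsigned long long)sp, pac_auth(key, sp, 7, &out));
    return 0;
}
```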
Zero-click attacks have been observed since May 2018 and continue until now. Most recently, a successful “zero-click” attack has been observed exploiting multiple zero-days to attack a fully patched iPhone 12 running iOS 14.6 in July 2021.