What does the security industry make of news that Apple was exposed to an iOS Pegasus spyware 0day triple-threat vulnerability?
Active threats that can exploit Apple devices are not commonplace, truth be told. Those leveraging zero-day vulnerabilities less so. Which is why the news that Apple fixed one that uses no less than three critical iOS zero-day threats just before the Bank Holiday weekend kicked off is such big news. It would be fair to say that until news of this broke on Thursday last, attempts by spyware to leverage multiple zero-day threats were rarer than rocking horse poop. And not many threats out there come with a million dollar price tag either!
When Citizen Lab and Lookout uncovered the triple-header of vulnerabilities, dubbed Trident, they worked together with Apple to ensure the threat was patched as quickly as possible. If you haven’t updated your device with the iOS 9.3.5 patch yet, you might want to pull your finger out and get clicking. Leaving it until later, especially now that details of Trident (and the Pegasus spyware that uses it) are in the public domain. Remember, this is an active threat which we are assured can “form an attack chain that subverts even Apple’s strong security environment.”