McAfee: What is the spyware that infects an iPhone just by opening the messaging app?
You may get infected just by opening "iMessage"
The iPhone 13, iPhone 13 mini, iPhone 13 Pro and iPhone 13 Pro Max are finally on sale. Ahead of the launch, Apple began distributing the latest version of iOS, iOS 15, on the 20th (local time). It can be installed on iPhone 6s and later devices.
Before iOS 15, Apple released iOS 14.8 to address security issues. That update fixes a zero-click exploit, one that needs no action from the user: the device is infected with spyware simply by receiving a message in Apple's messaging app, iMessage ("Stop and update your iPhone to iOS 14.8 right now", The Verge).
The attack exploits a vulnerability in Apple's image rendering library. This vulnerability is reported to have been used to plant the smartphone-monitoring spyware "Pegasus" on iPhones.
The possibility of unexpected behavior caused by programming flaws or mistakes in software can never be fully eliminated. Of course, the manufacturer deals with such problems as soon as they are discovered, and manufacturers frequently release updates and patches when bugs or vulnerabilities cause trouble.
Conversely, continuing to use an older operating system can, in some cases, leave you exposed to a variety of cybercrimes. Keep your software updated promptly, without putting it off.
Check the information about the device you are using
Products that are talked about all over the world and have many users make easy targets. The zero-click exploit mentioned above was also aimed at the popular iPhone. The latest iPhone 13 series (iOS 15) addresses that security issue, but there is no telling when new threats will arrive.
As new products and features are released, many people start looking for vulnerabilities: not only malicious people intending to commit crimes, but also security vendors checking in order to prevent them. In either case, once a problem is reported, the manufacturer updates the OS and apps to deal with it.
It is therefore important to check the information about the device you are using and to update it quickly whenever something happens. Smartphones are not only used every day but are also packed with personal information, so they are devices whose safe use must be considered above all else.
Beyond installing security software, make sure your smartphone is set up to cope with loss and theft. This not only helps prevent attacks but also provides a response in case one happens. For example, making regular backups and storing important data externally can limit the damage from an attack to some extent.
Understand that buying a device is not enough: it must also be updated regularly, without neglecting countermeasures against vulnerabilities. The same is true for Android users.
As a lesson in using smartphones with peace of mind, we introduce the 2019 McAfee Blog article "Importance of Attacks and Threat Investigations on Apple iOS", which explains a case in which iPhone vulnerabilities were found to be exploited. (Sekyu Lab)
* The following is reprinted from the McAfee Blog.
Importance of Attacks and Threat Investigations on Apple iOS: McAfee Blog
The Apple iOS-targeted exploit chains announced recently (August 29, local time) are the latest example of how cybercriminals can use zero-day vulnerabilities to mount successful attacks while remaining undetected.
Specifically, one or more attackers operating several compromised websites are said to have used at least one zero-day vulnerability, numerous custom exploit chains and known vulnerabilities to compromise iPhones, including those running the latest OS version, for more than two years. Operating infrastructure of this kind and endangering potentially thousands of users without being detected requires considerable skill and abundant funding.
Fighting the epidemic of cybercrime requires allies, and as cyberattacks like this take place, threat research and responsible vulnerability disclosure become increasingly important. Cybercriminals are getting faster, more sophisticated and more dangerous every day. A united global community of researchers identifying and addressing critical vulnerabilities such as those used in this attack is essential to making real progress toward eliminating this type of malicious attack. Equally important is analysis that reveals the unique characteristics of the attack, so that defenders and developers can mitigate such threats in the future. Let's take a look at this attack.
Table of contents
- Attacks that take place openly in the daytime
- The value of iOS exploits
- Strengths of vulnerability disclosure
Attacks that take place openly in the daytime
This attack is unusual in that the implant did not operate covertly: it uploaded the stolen information without encryption. In other words, the data is sent in clear text to the attacker's server, so anyone monitoring network traffic should be able to notice the activity.
In addition, debug messages appear to have been left in the code, so a user who connects the phone to a computer and looks at the console logs should notice the activity as well.
However, on the iPhone's closed operating system, users must take the extra step of connecting the phone to a computer to see these indicators of attack, so even power users may not be aware of an infection.
The value of iOS exploits
Finding iOS exploits is generally difficult because of the proprietary code base and modern security protections. Exploits that require no user interaction and achieve fully remote code execution are especially rare, effective and hard to find.
Further complicating the attack, many mobile device exploits need several vulnerabilities to succeed, often three or four bugs, to achieve privileged remote code execution on the target system. A set of vulnerabilities is usually required because of sandbox/container mitigations, restricted code execution and reduced user privileges. Because of this complexity, once one or more of the bugs is discovered it is likely to be "killed", that is, patched by the vendor, reducing the attack's success rate.
Apple has taken a firm stance on responsible disclosure and has recently raised its rewards for certain vulnerabilities to as much as $1 million. Meanwhile, a vulnerability broker that "resells" vulnerabilities is reported to pay up to US$3 million for a zero-interaction remote code execution vulnerability on iOS. That is how valuable a bug that requires no interaction from the victim and yields full remote code execution is. With Apple's operating systems pervasive across mobile devices and PCs, even a bounty this large is not enough to stop some from using the vulnerabilities found in their research for malicious purposes rather than disclosing them responsibly.
Strengths of vulnerability disclosure
The two most important questions raised by this discovery are: how could this attacker keep operating for so long using mostly known exploits? And what did the attacker achieve as a result (and did they profit from it)?
These questions remind us of the value of vulnerability disclosure. Through hardware and software analysis and responsible disclosure, it is vital to stay one step ahead by exposing these kinds of vulnerabilities before malicious individuals can use them for malicious purposes.
* The content of this page is based on the following McAfee Blog entry, updated on September 4, 2019 (US time).
Original: Apple iOS Attack Underscores Importance of Threat Research. Authors: Steve Povolny and Philippe Laulheret
* This article edits and introduces popular entries from the McAfee Blog for posting on "Sekyu Lab", the collaboration site between ASCII and McAfee.