
Apple Zero-Day Flaws Exploited For Predator Spyware Attacks

by Abeerah Hashim

Heads up, Apple users! Researchers have caught active exploitation of three zero-day flaws in Apple devices for spyware attacks. Apple has since addressed the matter with the latest security updates for iOS, rolling out the patches to eligible devices.

Apple Zero-Day Flaws Exploited Before Patch Releases

According to a recent post from The Citizen Lab, their researchers and Google’s Threat Analysis Group (TAG) observed an exploit chaining three different zero-days in Apple’s iOS devices. Mainly, they noticed hackers deploying the Predator spyware on target iPhones via this exploit chain.

Specifically, The Citizen Lab discovered this new exploit while analyzing a victim device. As described, a former Egyptian parliamentarian, Ahmed Eltantawy, contacted the researchers to analyze his phone, suspecting possible intrusion. Consequently, the researchers observed numerous attempts to deploy the Predator spyware on his phone.

Predator is a notorious spyware from the European firm Cytrox, resembling its Israeli counterpart Pegasus. This particular spyware was also used earlier to target Egyptian users’ devices.

The researchers have shared the details of this spyware attempt and their discovery in their post. Google TAG has also shared insights about its findings in its report.

Apple Fixed The Vulnerabilities With The Latest Updates

Upon discovering the newly exploited vulnerabilities, the researchers reported the matter to Apple. In response, the Cupertino giant started patching the flaws affecting its iPhones.

Shortly after, Apple released patches for the three vulnerabilities, which affected iOS 16.7 and earlier, with iOS 17.0.1. These flaws include:

  • CVE-2023-41991: signature validation bypass allowing access to a malicious app.
  • CVE-2023-41992: privilege escalation vulnerability exploitable by a local attacker.
  • CVE-2023-41993: arbitrary code execution that may become possible when processing maliciously crafted web pages.

Now that the patches have been released, users must update their respective devices (iPhone, iPad, Mac, and others) with the latest security fixes as soon as possible.

Let us know your thoughts in the comments.
