09/23 update: this article was originally published on September 21
In a new and detailed thread on X, formerly known as Twitter, John Scott-Railton, a senior researcher at Citizen Lab, has issued a clear warning to users of iPhones, iPads, Apple Watch, and Macs: Update your Apple products now.
That warning applies to users of iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later. Updates to iOS 17.0.1, or iOS 17.0.2 for iPhone 15 series users, iPadOS 17.0.1, watchOS 10.0.1, Safari 16.6.1, macOS Ventura 13.6 and macOS Monterey 12.7 should be applied as soon as possible.
Railton reveals how Citizen Lab, alongside Google’s Threat Analysis Group, has uncovered a sophisticated spyware attack against a renowned Egyptian pro-democracy politician following an announcement that he would be running for President of the country in the 2024 elections.
Ahmed Eltantawy was, Railton says, targeted with spyware in an attack using links sent by way of both SMS and WhatsApp messages and “persistently selected for targeting via network injection.” His phone was eventually infected with spyware after being redirected to a malicious website.
The Citizen Lab investigation, alongside Google’s TAG, was able to uncover a zero-day exploit chain for the iPhone. This used the three vulnerabilities mentioned in the original article below: CVE-2023-41991, CVE-2023-41992 and CVE-2023-41993. These were designed initially to infect an iPhone using any version of iOS up to and including 16.6.1.
As Maddie Stone from TAG details in a 22 September analysis, this was a ‘silent attack’ that didn’t require any user interaction. The redirection was by way of man-in-the-middle injection, and Stone confirms that the exploit “didn’t require the user to open any documents, click a specific link, or answer any phone calls.”
Railton says that using Lockdown Mode would have prevented the attack from being successful, something Apple’s Security Engineering & Architecture Team has confirmed.
“We strongly encourage all Apple users that may be at risk because of who they are or what they do to enable Lockdown Mode,” Railton says.
Apple has released iOS 17.0.1 and iPadOS 17.0.1, just days after the latest operating system was launched with much fanfare. This emergency update, which all iPhone and iPad users should apply as soon as possible, comes with a critical warning. The security update addresses three critical vulnerabilities, and Apple warns that it is aware of reports that the trio may have been actively exploited against versions of the iPhone operating system before iOS 16.7. If you are getting your new iPhone 15, iPhone 15 Plus, iPhone 15 Pro or iPhone 15 Pro Max at launch, you will need to update the operating system immediately.
What Is Known About The Three iOS Security Vulnerabilities?
As always, Apple has released very little detail about any of these iOS vulnerabilities, or the exploits using them. This is no surprise, as Apple delays such detail until as many users as possible have had the chance to update their devices so as to prevent other attackers from producing exploits.
What is known at this stage is that credit for the discovery of CVE-2023-41992 is given to Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group. This is a kernel vulnerability that could enable an attacker to elevate privileges.
CVE-2023-41991 And CVE-2023-41993
The same two security researchers are also credited with disclosing both CVE-2023-41991 and CVE-2023-41993. The first of these involves a certificate validation issue, and successful exploitation can enable an attacker to bypass such validation using a malicious app. The latter vulnerability is within WebKit, and the act of processing content could lead to arbitrary code execution.
CVE-2023-41991 and CVE-2023-41992 also impact Apple Watch users, and an emergency security update to watchOS 10.0.1 is also now available.
Update To iOS 17.0.1 Or iOS 17.0.2 Now
Given that all three of these vulnerabilities are known to have been exploited already, it is imperative that users update to the patched versions of iOS and iPadOS as soon as possible. iPhone users should head to Settings > General > Software Update to download iOS 17.0.1 or 17.0.2.