0-day Apple vulnerabilities become a tool for political games in Egypt

CarderPlanet

New details of the recent Predator spyware incident.

Security researchers from Citizen Lab and Google TAG reported that three vulnerabilities recently patched by Apple had been actively exploited to install Cytrox's Predator spyware.

The target was former Egyptian MP Ahmed Eltantawy. The attacks began after he announced his intention to run in the 2024 presidential elections. The attackers exploited CVE-2023-41991, CVE-2023-41992 and CVE-2023-41993, delivering the exploit chain through links in fake SMS and WhatsApp messages and, separately, by network injection.

"When Eltantawy visited sites without HTTPS protection, his Vodafone Egypt mobile connection was redirected to a malicious resource, where the device was infected with Predator spyware."

In the chain, CVE-2023-41993 (WebKit) gave remote code execution in Safari, CVE-2023-41991 (Security framework) bypassed signature validation, and CVE-2023-41992 (kernel) escalated privileges on the device.

Google TAG also observed attempts to attack Android devices in Egypt, where a Chrome vulnerability, CVE-2023-4762, was exploited.

Apple's security team confirmed that Lockdown Mode blocks this particular attack. Citizen Lab urges all Apple users to install the latest updates promptly and to enable Lockdown Mode.

Separately, Citizen Lab identified two other bugs (CVE-2023-41061 and CVE-2023-41064) that were exploited to infect iPhones with NSO Group's Pegasus spyware.

The latest 0-day vulnerabilities were fixed in iOS 16.7 and iOS 17.0.1. The affected devices include:
  • iPhone 8 and later;
  • iPad mini 5th generation and later;
  • Macs with macOS Monterey and later;
  • Apple Watch Series 4 and later.

Since the beginning of 2023, Apple has patched 16 vulnerabilities exploited in attacks:
  • two vulnerabilities in July (CVE-2023-37450 and CVE-2023-38606);
  • three vulnerabilities in June (CVE-2023-32434, CVE-2023-32435 and CVE-2023-32439);
  • three vulnerabilities in May (CVE-2023-32409, CVE-2023-28204 and CVE-2023-32373);
  • two vulnerabilities in April (CVE-2023-28206 and CVE-2023-28205);
  • one WebKit vulnerability in February (CVE-2023-23529).
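The redirection Citizen Lab describes (a cleartext HTTP request answered with a bounce to an attacker's host) is ordinary on-path injection, and it leaves a recognisable trace in any proxy or capture log. The Python below is an added example, not code from the original post, Citizen Lab, Google TAG or Apple. It assumes a log already reduced to (requested URL, HTTP status, Location header) triples; the sample entries, hostnames and the `Exchange`, `classify`, `scan` and `landing_hosts` names are all constructed for illustration.

```python
"""Flag injection-style redirects on cleartext HTTP sessions (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Exchange:
    url: str                       # URL the client requested
    status: int                    # HTTP status code returned
    location: Optional[str] = None  # Location header, if any


def _host(url: str) -> str:
    return urlsplit(url).hostname or ""


def _same_site(a: str, b: str) -> bool:
    """Rough same-site test: equal hosts, or one a subdomain of the other.
    Public-suffix logic is deliberately left out of this illustration."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def classify(ex: Exchange) -> str:
    """Return one of: ok, upgrade, cross-site-redirect, tls-protected-redirect.

    Only a redirect issued over plain HTTP can have been forged on-path;
    a cross-site redirect that arrived over TLS came from the real server
    (or from something holding a valid certificate), so it is reported
    separately rather than as injection."""
    if not (300 <= ex.status < 400 and ex.location):
        return "ok"
    req_scheme = urlsplit(ex.url).scheme
    dst_scheme = urlsplit(ex.location).scheme
    same = _same_site(_host(ex.url), _host(ex.location))
    if req_scheme == "http" and not same:
        return "cross-site-redirect"        # the pattern in the Egypt case
    if req_scheme == "http" and dst_scheme == "https":
        return "upgrade"                    # normal HTTP -> HTTPS bounce
    if req_scheme == "https" and not same:
        return "tls-protected-redirect"
    return "ok"


def scan(log: List[Exchange]) -> List[Tuple[str, str]]:
    """Return (requested URL, landing host) for every cleartext cross-site redirect."""
    return [(ex.url, _host(ex.location or ""))
            for ex in log if classify(ex) == "cross-site-redirect"]


def landing_hosts(log: List[Exchange]) -> Dict[str, int]:
    """Count landing hosts: one host receiving many victims' redirects stands out."""
    counts: Dict[str, int] = {}
    for _, host in scan(log):
        counts[host] = counts.get(host, 0) + 1
    return counts


# Constructed sample log; none of these hosts or responses are real traffic.
SAMPLE_LOG = [
    Exchange("http://news.example/article/1", 301, "https://news.example/article/1"),
    Exchange("http://news.example/article/2", 302, "http://landing.example.net/go?x=1"),
    Exchange("http://shop.example/", 302, "http://www.shop.example/"),
    Exchange("http://blog.example/post", 302, "http://203.0.113.7/"),
    Exchange("https://bank.example/login", 302, "https://auth.bank.example/sso"),
    Exchange("https://mail.example/", 302, "https://accounts.example-id.com/"),
    Exchange("http://static.example/app.js", 200),
]

if __name__ == "__main__":
    for url, host in scan(SAMPLE_LOG):
        print(f"cleartext redirect off-site: {url} -> {host}")
    print(landing_hosts(SAMPLE_LOG))
```

Run against a real capture, the interesting output is not a single hit but the landing-host count: a legitimate site's occasional cross-domain redirect produces scattered hosts, while an injector at the ISP edge sends every victim to the same handful. The check also makes the defensive point concrete: requests that never leave the device over plain HTTP (HTTPS-only mode, HSTS, or Lockdown Mode's restrictions) give the injector nothing to answer.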