APPLE RELEASES MAC SECURITY UPDATE TO FIX TRIDENT SPYING VULNERABILITIES
Apple has released a security update to protect Macs against the Trident threat that was recently found to affect iPhones and iPads.
The updates, for Mac OS X El Capitan and Yosemite, close the same security loopholes that were fixed by the iOS 9.3.5 update for mobile devices.
Although it is unlikely the flaw will be used against the average user – it is primarily used for targeted attacks against high-profile individuals – Mac owners are advised to update their systems as soon as possible so cyber criminals cannot take advantage of it.
Last month, UAE activist Ahmed Mansoor received a message promising details about prison torture that actually led to the Pegasus attack.
If he had clicked the link in the text, the malware would have exploited the Trident vulnerabilities to jailbreak his device without his knowledge.
This would have enabled the hackers to access his device’s microphone, track his his movements and log messages and data from popular apps.
“The kit appears to persist even when the device software is updated and can update itself to easily replace exploits if they become obsolete,” researchers from Lookout said.
Although they believe the spyware has been in the wild for “a significant amount of time”, its primary use seems to be for the targeted tracking of high-profile individuals.
“There are three lessons to learned from this attack,” said Mark Skilton, professor of practice at Warwick Business School’s Information Systems and Management Group.
“Increased complexity of mobile devices where individual system faults may be accepted, but when combined become a cascade failure. Second, just having an encrypted app like WhatsApp does not protect your privacy if the operating system it runs on is violated.
“And thirdly, the need for crowdsourcing testing to keep checking and monitoring cyber threats is critical in today’s connected business. At least in this case Apple responded rapidly with a fix and told us. Other companies who delay telling people of the attack or not detecting the attacks are a risk to themselves and their customers.”