Title: Apple Patches iOS Zero-Day Vulnerabilities Used to Spy on Egyptian Presidential Candidate
Apple has recently released patches for a series of zero-day vulnerabilities in iOS that were utilized to infect the iPhone of a prominent Egyptian presidential candidate with spyware. These vulnerabilities, which were successfully patched on Thursday, enabled clickless attacks, eliminating the requirement for any action from the target except for visiting a specific website.
The attacks were orchestrated in collaboration with the Egyptian government, utilizing spyware developed by Cytrox and hardware provided by Egypt-based Sandvine. The primary target was Ahmed Eltantawy, a former member of the Egyptian Parliament who had declared his intention to run for president earlier this year. Remarkably, this is not the first time Eltantawy’s iPhone has been subjected to such attacks, with a prior successful breach occurring in 2021 as well.
Given that the victim is a democratic opposition member aspiring for the presidency, this incident is seen as a direct interference in free elections, constituting a violation of privacy and freedom of expression. The exploitation of vulnerabilities against political opponents seeking office demonstrates a concerning disregard for democratic principles.
Apple has addressed these security flaws in the latest iOS updates, specifically versions 16.7 and 17.0.1. Additionally, the attackers employed a separate exploit to install the same spyware on Android devices. Google responded promptly to a research group’s report and patched the vulnerabilities on September 5 for Android devices.
The success of the attack was facilitated by the hardware sold by Sandvine, which was deployed on the cellular network used by the targeted iPhone. To mitigate the risk of such attacks, Apple introduced a feature called Lockdown in iOS last year, which can effectively block these types of exploits.
The exploit chain within iOS was triggered automatically when the target accessed a website hosting the malicious code, allowing the installation of the spyware without any user action. The attackers took advantage of the target's use of less secure HTTP sites rather than sites served over the more secure HTTPS.
The spyware deployed in this attack, known as Predator, is available to multiple governments and has been previously employed to target other political opposition members and journalists. The inner workings of this malware were exposed last year by Cisco’s Talos security team.
The discovery and subsequent patching of these vulnerabilities highlight the ongoing arms race between cybersecurity experts and malicious actors. It serves as a reminder of the critical importance of regular updates and maintaining robust security measures to safeguard against potential breaches.
Overall, this incident underscores the need for continued vigilance in protecting personal privacy and upholding democratic principles in an increasingly interconnected digital world.