Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Secti<strong>on</strong> 1: <str<strong>on</strong>g>Pegasus</str<strong>on</strong>g> Exploitati<strong>on</strong> <str<strong>on</strong>g>of</str<strong>on</strong>g> Safari (CVE-<br />
2016-4657)<br />
The First Stage <str<strong>on</strong>g>of</str<strong>on</strong>g> Infecti<strong>on</strong><br />
This secti<strong>on</strong> reports <strong>on</strong> first stage <str<strong>on</strong>g>of</str<strong>on</strong>g> <str<strong>on</strong>g>the</str<strong>on</strong>g> <str<strong>on</strong>g>Pegasus</str<strong>on</strong>g> exploit <str<strong>on</strong>g>of</str<strong>on</strong>g> <str<strong>on</strong>g>the</str<strong>on</strong>g> “Trident” zero-day<br />
vulnerabilities <strong>on</strong> <strong>iOS</strong>, discovered by researchers at Lookout and Citizen Lab. The<br />
first stage <str<strong>on</strong>g>of</str<strong>on</strong>g> <str<strong>on</strong>g>the</str<strong>on</strong>g> attack is triggered when <str<strong>on</strong>g>the</str<strong>on</strong>g> user clicks a spear-phishing link that<br />
opens <str<strong>on</strong>g>the</str<strong>on</strong>g> Safari browser. This enables <str<strong>on</strong>g>the</str<strong>on</strong>g> exploit <str<strong>on</strong>g>of</str<strong>on</strong>g> a vulnerability in WebKit’s<br />
JavaScriptCore library (CVE-2016-4657).<br />
Page 2