Two in the iOS Kernel and one in the WebKit, Lookout, and Citizen Lab reported vulnerabilities deemed "Trident" yesterday, heightening concerns over Apple's security system and sparking discussion.
The Trident vulnerabilities are zero-day threats that allow hackers to access a victim's personal data via SMS phishing. This means that the target device could be potentially jailbroken, remotely, prompting the hacked device to share its private contents with the attacker. This type of attack is especially dangerous because device owners may not even know that their device has been compromised. These vulnerabilities give attackers access to the device's kernel memory where they can then execute arbitrary code when victims are visiting malicious websites.
While Apple has already released a patch for iOS 9.3.5 to address the "Trident" vulnerabilities, it only protects against one instance of all the known or unknown security threats. The term "safe enough" will never exist for the security industry, especially in the mobile space. Fortunately, OPSWAT MetaDefender can protect users from this type of vulnerability by assessing their device security in the following six areas:
- Whether the device is jailbroken or not
- Whether the device is secured with touch ID/passcode
- Whether the operating system is up-to-date
- Whether the device is enabled for ad tracking
- Whether the device storage is encrypted
- Whether there are any suspicious connections found
Click image to expand views of MetaDefender mobile app
Below, you can see an example of an SMS phishing attempt and a user's mobile device health score in MetaDefender, both before and after they have addressed security concerns.
Click image to expand views of MetaDefender mobile app
OPSWAT MetaDefender is a robust security platform for IT administrators, independent software vendors, and malware researchers that offers unmatched protection and analysis of known and unknown threats. Mobile security is just one of the many use cases in endpoint posture assessment.
To try the mobile app yourself, you can download it from the iTunes store or contact the OPSWAT Sales team to see how MetaDefender can take your enterprise security to the next level.
