Microsoft: Ensuring mobile devices are up to date using Microsoft Intune
On August 25th, 2016 Lookout released research, conducted in partnership with The Citizen Lab (Munk School of Global Affairs, University of Toronto), about a sophisticated, targeted, and persistent mobile attack on iOS that uses three zero-day vulnerabilities called “Trident.” When exploited, these vulnerabilities can form an attack chain that subverts even Apple’s strong security.
According to Lookout’s research, Trident is used in a mobile spyware product called Pegasus, attributed to an organization called NSO Group, to attack high-value targets. The Pegasus attack starts with SMS phishing using spoofed sender numbers and anonymized domains to deliver malware to the target’s iPhone. The target’s phone is remotely jailbroken and immediately starts compromising the target’s digital life. Further, Pegasus has a built-in self-destruct capability. Lookout’s research reveals that the system is always monitoring to see if it’s been discovered. If it detects tampering, it has the ability to wipe itself out. Lookout is reporting that their products detect and alert customers to this threat.
Lookout has published extensive information on this threat in this blog post and this associated white paper.
Microsoft and Lookout have been working together on a partnership for mobile security that can help you insure that your corporate assets are always protected.
Read the entire article here, Ensuring mobile devices are up to date using Microsoft Intune
via the fine folks at Microsoft.