Helthydriver

Two days ago I had the pleasure of presenting our latest research at iVerify about #NSO #Pegasus BLASTPASS Exploit Chain at #BHASIA in Singapore. (#you-shall-not-pass---analysing-a-nso-ios-spyware-sample-37980" target="_blank" rel="nofollow noopener">blackhat.com/asia-24/briefi…) During the talk I presented how forensic analysis led to the discovery of the sample, the amount of steps

@gergely_kalman And I also think it’s not too much to ask from a trillion dollar company to spend 2 weeks of an engineers time to fix 5 year old OSs.^^

@Helthydriver Sure, I just said they didn't tell people to buy new phones, that's it. I was not following this any closer

No, they say upgrade iOS. Can't you people read?

@gergely_kalman Yes thats correct. But they also tell you iPhones are secure, jailbreaks don’t exists and attacks only happen to a few targeted people. I think it’s just important to read between the lines. And translate ;)

@gergely_kalman You are right support is way better, but ignoring these attacks and providing information only after public reporting should be called out. We haven’t seen any backports for 16/17 for DarkSword yet.

@Helthydriver Yeah, but smashing Apple for that is a tad unfair as the last supported device is iPhone 11 which is 7 years old now. That is significantly better than most androids for example. I'm also not an Apple fanboy, but this level of misinfo I could not tolerate

@gergely_kalman But I would have to check if any devices last OS is actually 13-14 or if all could update to 15

Erst "nur" für staatliche Spionage eingesetzt – jetzt in kriminellen Händen. Eine mächtige iPhone-Spyware zeigt gerade, wie das läuft. Wir warnen seit Jahren beim #Bundestrojaner. Sicherheitslücken haben keine Exklusivität. Sie stehen ALLEN offen. derstandard.at/story/30000003…

Idea for Apple - discount on buying a new iPhone if your old iPhone got hit with Coruna or DARKSWORD. x.com/ryanaraine/sta…

@craiu If they could just detect it…

@ryanaraine ^— this is a first! Including specifically naming the Coruna exploits in a security release, Apple just did two things they never did before. But we are still lacking backports for the vulnerabilities seen in DarkSword.

Apple confirms mass web attacks. Says to get new iPhones. support.apple.com/en-us/126776

@piffzsec @Little_34306 @zeroxjf It’s not the exploits. Just the payloads for injection and malware behavior.

@Little_34306 @zeroxjf wow! where did you guys found the sample?

How crazy Darksword and GHOSTBLADE are! shout out to @zeroxjf for the finding Unrelated: GHOSTBLADE also my fav comic from WLOP!

Two full iOS exploit kits in one month, deployed via watering holes on public websites, potentially affecting hundreds of millions of devices. Will Apple acknowledge that this no longer fits the "very small number of highly targeted individuals" narrative?

In collaboration with Lookout and Google (thank you 🙏) we have been working on tearing down and building detections for DarkSword - iOS exploit chain for iOS 18.4 - 18.7. Super excited for this research 🎉. Please update your iPhones. iverify.io/blog/darksword…

The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors cloud.google.com/blog/topics/th…

@FCE365 A full jailbreak might be unlikely. It missed SPTM, PPL, PAC, … bypasses in Kernel.

⚠️New iOS 18 DarkSword Exploit targets iPhone users through Spyware Infected Websites 📲 READ MORE: idevicecentral.com/apple/new-ios-… It looks like a Coruna-related DarkSword exploit has been identified. This can be useful for a Safari-based jailbreak on iOS, but it's also a major security risk since it spreads via infected web pages! Read more in the article.

Mandiant | The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors cloud.google.com/blog/topics/th…

here we go again, new iOS full-chain exploit dubbed DarkSword targeting entities in Ukraine, Saudi Arabia, Turkey, and Malaysia via compromised domains iverify.io/blog/darksword… , cloud.google.com/blog/topics/th… , lookout.com/threat-intelli…

I’ve been briefed on this one from the team that found it. I interviewed them yesterday and will put out a video soon. - it’s an insane story between Darksword and Coruna.

A powerful iPhone-hacking technique known as DarkSword has been discovered in use by Russian hackers. It can take over devices running iOS 18 that simply visit infected websites. wired.com/story/hundreds…

@EvanKlein338226 @ihackbanme There’s plenty of things you can do when caught. But getting there is the hard part. And yeah visibility, but also the “threat module” is something that needs to be vastly improved.

@ihackbanme 11/10 confidence. And honestly? They're right to not care The sandbox is so locked down that even when caught, there's no forensics possible. It's "we know you did it but can't prove how" energy Modern mobile malware OPSEC: don't bother 🤷

How much iOS attackers don’t give a F about getting caught from 0 to 10 ? They name their JS files “rce_worker_18.6.js” and rce_module.js. RCE stands for Remote Code Execution. (1/2)