
Apple Fixes Bugs That Infected Egyptian Politician's iPhone

Cytrox's Predator Found on Device of Ahmed Eltantawy
Former Egyptian parliamentarian Ahmed Eltantawy in an Aug. 10, 2023 video (Image: Eltantawy's Facebook page)

Apple released patches Thursday to close three actively exploited vulnerabilities that researchers said commercial spyware maker Cytrox used to infect the iPhone of Egyptian politician Ahmed Eltantawy with Predator malware.


Affected devices include the iPhone 8 and later models, Macs running macOS Monterey or later, and recent models of the iPad Mini and Apple Watch. Apple's Safari browser is also affected.

Apple credits discovery of the flaws to the University of Toronto's Citizen Lab and Maddie Stone of Google's Threat Analysis Group. The Canadian organization and Stone collaborated to analyze the smartphone of the former member of the Egyptian Parliament who earlier this year announced a presidential bid in the Arab country's 2024 election.

The Citizen Lab attributes the attack "with high confidence" to the Egyptian government, given that Cairo is a known customer of the Hungary-based spyware maker and the attack appears to have taken place through Vodafone's Egypt network. "Precisely targeting injection at an individual Vodafone subscriber would require integration with Vodafone’s subscriber database," The Citizen Lab wrote.

The Citizen Lab said the injection was likely carried out with PacketLogic, a network policy control appliance made by the Canadian company Sandvine. Positioned in the carrier's network path, such a device can answer an unencrypted HTTP request from the target's phone with a redirect to an attacker-controlled site; in this case, the site served the exploit chain that installed Predator. Requests made over HTTPS could not be tampered with this way without breaking the TLS connection.
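The observable symptom of the network injection described above is a plaintext HTTP request to one site being answered with a redirect to an unrelated site that the real server never sent. The following is an added example, not code from the article, Apple or The Citizen Lab, showing a check for that symptom over captured HTTP exchanges. All exchanges and hostnames in it are constructed samples on reserved example domains, and the "last two DNS labels" site comparison is a simplifying assumption that a real tool would replace with a public suffix list.

```python
"""Flag plaintext-HTTP responses that redirect to an unrelated host.

Added example; not code from the article, Apple or The Citizen Lab. The
exchanges below are constructed samples. A middlebox that injects into a
plaintext request typically answers a GET for host A with a 30x whose
Location points at an unrelated host B that the real server never sent.
This check looks only for that symptom; it cannot tell injection apart
from a genuinely odd redirect, so treat hits as leads, not verdicts.
"""
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


def parse_response(raw: bytes) -> tuple[int, dict[str, str]]:
    """Return (status code, lower-cased header map) from a raw HTTP/1.x response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers: dict[str, str] = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def site_of(host: str) -> str:
    """Crude site key: the last two DNS labels. Adequate for these samples;
    a real tool would use the public suffix list (assumption)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_suspicious_redirect(request_host: str, raw_response: bytes) -> bool:
    """True if a plaintext request to request_host was answered with a
    redirect to a different site. Same-site upgrades (http -> https) and
    relative Location values are not flagged."""
    status, headers = parse_response(raw_response)
    if status not in REDIRECT_CODES:
        return False
    target = urlsplit(headers.get("location", ""))
    if not target.hostname:
        return False
    return site_of(target.hostname) != site_of(request_host)


# Constructed samples (not real captures). Hosts use reserved example domains.
BENIGN_UPGRADE = (
    b"HTTP/1.1 301 Moved Permanently\r\n"
    b"Location: https://www.example.com/\r\n"
    b"Content-Length: 0\r\n\r\n"
)
PLAIN_OK = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 5\r\n\r\nhello"
)
INJECTED = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: http://landing.example.net/?t=1\r\n"
    b"Content-Length: 0\r\n\r\n"
)

SAMPLE_EXCHANGES = [
    ("example.com", BENIGN_UPGRADE),
    ("news.example.org", PLAIN_OK),
    ("news.example.org", INJECTED),
]


def scan(exchanges: list[tuple[str, bytes]]) -> list[str]:
    """Return the hosts whose plaintext request drew a cross-site redirect."""
    return [host for host, raw in exchanges if is_suspicious_redirect(host, raw)]


if __name__ == "__main__":
    for host in scan(SAMPLE_EXCHANGES):
        print(f"possible injected redirect for http://{host}/")
```

The check deliberately ignores same-site redirects, so the common http-to-https upgrade a site performs on itself does not trigger it, while a redirect that leaves the site entirely does. It only makes sense for requests sent in the clear: a redirect seen inside an HTTPS session came from the origin server (or from something that already holds a trusted certificate for it), not from an on-path injector.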

The trio of vulnerabilities - tracked as CVE-2023-41991, CVE-2023-41992 and CVE-2023-41993 - consists of a certificate validation issue in the Security framework that a malicious app could use to bypass signature validation, a kernel flaw that a local attacker could use to elevate privileges, and a WebKit flaw that allows arbitrary code execution when processing web content. Chained together, a browser-based entry point, a privilege escalation and a signature-validation bypass cover the steps an attacker needs to go from a malicious web page to a persistent implant.

This marks the second time this month that The Citizen Lab has tipped off Apple to flaws exploited by commercial spyware makers. In early September, the group published findings on how NSO Group, maker of the Pegasus spyware, had used a zero-click exploit to infect at least one iPhone carried by an individual employed at a Washington, D.C.-based civil society organization (see: Apple Fixes Zero-Click Bugs Exploited by NSO Group's Spyware).

About the Author

Mihir Bagwe


Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.
