Israeli Spyware Vendor Intellexa Exploits Rare iOS and Chrome Zero-Days to Target Egyptian Entities
September 29, 2023
Intellexa, an Israeli espionage software vendor, reportedly used three zero-day vulnerabilities in Apple's iOS and one in Google Chrome to craft an exploit chain targeting Egyptian organizations. The firm leveraged these vulnerabilities to infiltrate iPhones and Android devices, deploying its signature 'Predator' spyware. The Predator software was initially developed by Cytrox, a company that Intellexa has absorbed.
Intellexa has a history of deploying the Predator spyware against Egyptian citizens, with previous instances recorded in 2021. The recent attacks began with man-in-the-middle (MITM) tactics, in which requests from users attempting to access plaintext HTTP sites were intercepted. The MITM technique removes the need for user interaction, such as clicking on a specific link or opening a document.
'The use of MITM injection gives the attacker a capability where they don't have to rely on the user to take a typical action like clicking a specific link, opening a document, etc. This is similar to zero-click exploits, but without having to find a vulnerability in a zero-click attack surface,' Google's Threat Analysis Group (TAG) researchers explained.
The users were then redirected to a site controlled by the attacker. If the user was the intended target, they were redirected again to a second domain where the exploit was triggered. The exploit chain developed by Intellexa involved three zero-day vulnerabilities: CVE-2023-41993, a remote code execution bug in Safari; CVE-2023-41991, a certificate validation issue enabling PAC bypass; and CVE-2023-41992, which allows for privilege escalation in the device kernel.
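The redirect chain described above only works because the initial request is plaintext HTTP, which an on-path attacker can answer. The following detection script is an added example, not part of this article or of Google TAG's work; it assumes a constructed proxy log format (timestamp, client, scheme, requested host, status, Location header) and flags cleartext requests that were answered with a redirect to a different host.

```python
"""Flag plaintext HTTP requests answered with a cross-host redirect.

Added example with a constructed log format; the hosts below are placeholders.
An on-path attacker can inject redirects only into cleartext HTTP, so a 30x on
a plaintext request that sends the browser to a different host merits review,
while the same redirect over HTTPS is authenticated as coming from the origin.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample log lines (not real traffic):
# <timestamp> <client> <scheme> <requested_host> <status> <location_or_dash>
SAMPLE_LOG = """\
2023-09-20T10:00:01Z 10.0.0.5 http news.example.org 200 -
2023-09-20T10:00:02Z 10.0.0.5 http news.example.org 302 http://news.example.org/index.html
2023-09-20T10:00:03Z 10.0.0.7 http weather.example.net 302 https://redirector.invalid/c
2023-09-20T10:00:04Z 10.0.0.7 https bank.example.com 302 https://login.bank.example.com/
2023-09-20T10:00:05Z 10.0.0.9 http shop.example.com 301 https://shop.example.com/
"""

@dataclass(frozen=True)
class Suspect:
    client: str
    requested_host: str
    redirect_host: str

def find_injected_redirects(log_text: str) -> list[Suspect]:
    """Return plaintext-HTTP requests whose 30x Location points to another host.

    A same-host upgrade (http://shop -> https://shop) is the normal HTTPS
    upgrade pattern and is not flagged; only a host change on cleartext is.
    """
    suspects = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines rather than guess at fields
        _ts, client, scheme, host, status, location = parts
        if scheme != "http" or not status.startswith("3") or location == "-":
            continue
        target = urlsplit(location).hostname
        if target and target.lower() != host.lower():
            suspects.append(Suspect(client, host, target))
    return suspects

if __name__ == "__main__":
    for s in find_injected_redirects(SAMPLE_LOG):
        print(f"{s.client} requested http://{s.requested_host}, sent to {s.redirect_host}")
```

Hits need triage against known CDN or consent-page redirects; the point is to surface the cleartext-to-foreign-host pattern so it can be reviewed, and to push the affected sites behind HTTPS and HSTS so the injection point disappears.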
Intellexa also targeted Android devices using MITM and one-time links sent directly to targets. This attack required only one vulnerability: CVE-2023-4762, a high-severity flaw in Google Chrome that allows attackers to execute arbitrary code on a host machine via a specially crafted HTML page.
Google TAG researchers believe the discovery of these exploits will force the attackers to develop new ones, costing them time and resources. 'Each time their exploits are caught in the wild, it costs attackers money, time, and resources,' the researchers noted.