Apple patches ‘Trident’ spyware bug in OS X

Last week, Apple patched a three-stage attack dubbed “Trident” in its iOS mobile operating system. On Thursday, the company patched the same attacks in OS X El Capitan and Yosemite and the Safari 9 web browser. 

{mosads}Lookout, Inc. and the University of Toronto’s Citizen Lab, teams that worked together in first identifying the attack, came across Trident while investigating an attempt to hack a UAE human rights activist’s cellphone. Citizen Lab specializes in politically motivated hacking executed by governments. 

Lookout and Citizen Lab linked the attack on the activist’s phone to the military spyware contractor NSO through the web servers it used. It appears to have been a component of the company’s Pegasus product.  

The Trident attack is effective chain of security vulnerabilities that could start with someone clicking on a malicious link and end with a device taken over. The UAE activist, for example, asked Citizen Lab to investigate based on suspicious links he received that claimed to be pictures of torture. 

NSO is an Israeli-based developer owned by the American equity firm Francisco Partners. 

When Apple began rolling out patches for the Trident attacks, Lookout praised the company for its prompt response — Lookout and Citizen Lab notified Apple less than 10 days before it mitigated the problem. 

“[Our lab has] never seen a vendor react so quickly,” said Lookout representative Heather MacKinnon.