The recently revealed Pegasus iOS hack that uses a text message with malformed link to exploit WebKit vulnerability has been fixed in iOS 9.3.5. However, for those who are infected there is no known way to clean the device. Since the hack jailbreaks the device to make kernel mods I am assuming the tell tale sign is apple updates no longer work. Can anyone confirm?
iPhone 6, iOS 9.3.5
IiPhone update iOS 9.3.5
IiPhone update iOS 9.3.5
Everything I've read states 9.3.5 patches against further attacks but nothing I read stated any remedies for system that was jailbroken by this hack.
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.*
According to Lookout (one of the labs that identified the zero day exploits used by Trident and Pegasus) they have an app that can detect an existing infection. I've never run any A/V software on an iOS device, but you may wish to look into it if interested.
https://blog.lookout.com/blog/2016/08/25/trident-pegasus/
http://www.imore.com/apple-has-patched-pegasus-malware-heres-what-you-need-know
iOS 9.3.3 wrote:
IiPhone update iOS 9.3.5
Everywhere I look, everyone is saying iOS 9.3.5 will remove Pegasus infection but Lookout security says otherwise:
https://blog.lookout.com/blog/2016/09/02/pegasus-trident-ios-update/
I'm not sure who to trust. If this is a Windows computer, the foolproof solution is to format and reinstall the OS. We can't do that to a smartphone.
If someone suspects they may have been infected, restoring the device as new in iTunes and setting it up from scratch is the equivalent of a computer reformat and re-install from clean media. Of course, that means abondoning all data on the device or using any backups to restore from.
Quite honestly, I do believe what Lookout reports as their group was one of the original teams to first identify and analyze the exploits and malicious software. They reportedly then did work with Apple to plug the exploits with iOS 9.3.5.
If factory reset erases the malware, why didn't Lookout mention it in their article?
Because Lookout is an enterprise security systems company and so warns enterprise companies not to wipe as it means they cannot conduct forensic analyses of their enterprise infection, and may loose valuable company data - https://blog.lookout.com/blog/2016/09/02/pegasus-trident-cio-ciso-what-to-do/
For an individual who understands they are inherently going to loose all their data, then a restore as new device in iTunes will erase all content and re-install the latest iOS. Then, as long as they avoid backups, the infection will be gone.
As i said, a restore as new device in iTunes is the iOS equivalent of a re-format and re-install from trusted media on a Windows or OS X computer.
Other media security sites and Apple tech news sites have already reported that's the best you can do if you think you are actually infected. Lookout will sell you their software and work with you if you wish to trace any infection beyond a single device (or you can use their App to check your device for infection after updating to iOS 9.3.5).
P.S. The Lookout Pegasus detection app is free to use for that single purpose. Note that it may give some false positives on some devices, as the app was not purpose built just to detect Pegasus.
I'm not convinced factory reset (restore as new) equals format/reinstall unless you really know how iOS factory reset really works internally. As far as I know Apple does not disclose that information. I suppose one can try Lookout app to scan before and after factory resetting the device to see if Pegasus malware is no longer there.
I want to download iOS new
iOS Pegasus Hack?
