Technical Analysis of Pegasus Spyware
Aug 25, 2016
What's the difference? :)
It's explained in detail here: https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegas...
Apparently it overwrites a system binary that's launched on boot with another Apple-signed binary "jsc" (a console JavaScript interpreter), which will evaluate some sort of .js that re-exploits everything. Pretty clever to re-use Apple-signed binaries for nefarious purposes. (The binary must be Apple-signed because when booting, the kernel isn't exploited yet and so it enforces code signing, obviously).
Aug 25, 2016
Direct links to other resources:
Technical analysis: https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegas...
CitizenLab analysis of the nation-state side of things: https://citizenlab.org/2016/08/million-dollar-dissident-ipho...
Apple update: https://support.apple.com/en-us/HT207107
Aug 25, 2016
Here are the full technical details: https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegas...