New iPhone 0-days Exploited in-the-wild to Install Predator Spyware

As previously reported, Apple released some emergency patches for three critical vulnerabilities considered Zero-Day and found to be exploited in the wild by threat actors.

Adding more details to these vulnerabilities, an exploit chain has been discovered by researchers, which can lead to installing spyware on the affected device.


Apple has released security advisories for these critical vulnerabilities, CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993, and recommended all of its users install their security patches as soon as possible.


Deploy Advanced AI-Powered Email Security Solution

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Man-In-The-Middle (MITM) Exploit Delivery

The exploit chain was developed by Intellexa, which can be delivered through an MITM attack in which the threat actor stands between the website and the victim.

However, victims visiting an encrypted (SSL – https://) website were not affected when compared to victims visiting insecure websites (http://). When a user visits an insecure website, the threat actor can inject malicious code and redirect them to another site c.betly[.]me

Furthermore, if the user is an expected victim, the website redirects the user to an exploit server sec-flare[.]com, which does not require any user interaction. This means that it is a 0-click exploit that won’t require opening any documents or links or answering phone calls.

iOS & Exploit Chain

Once the victim is redirected to the exploit server, the exploit chain begins executing a small binary to decide whether to install predator implants. While this is the case for iOS users, the exploit chain occurs in two methods for Android. One was the MITM injection, and the other was through one-time links sent to the victims directly.

However, for Android, the remote code execution vulnerability was performed by using the Google Chrome vulnerability CVE-2023-4762

Google Threat Analysis Group has published a complete report in collaboration with the Citizen Lab, which provides detailed information about this exploit chain and other information.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.

Eswar is a Cyber security reporter with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is reporting data breach, Privacy and APT Threats.