Apple released patches for three previously unknown vulnerabilities on September 21, 2023. These vulnerabilities were exploited in a sophisticated attack aimed at Ahmed Eltantawy, a former member of the Egyptian parliament, between May and September 2023. Eltantawy, who publicly announced his intention to run for President in the 2024 Egyptian elections, was targeted using a spyware strain called Predator. The Citizen Lab has attributed this attack to the Egyptian government, a known customer of commercial spyware tools.
The attack was orchestrated through SMS and WhatsApp messages, with Eltantawy's Vodafone Egypt mobile connection being persistently targeted for network injection. When he visited certain non-HTTPS sites, this technique redirected him to a malicious website, which infected his phone with Cytrox's Predator spyware.
The attack chain exploited three vulnerabilities, allowing the attacker to bypass certificate validation, elevate privileges, and achieve remote code execution on the targeted device. The Predator spyware, created by Cytrox, functions similarly to NSO Group's Pegasus, enabling the surveillance of targets and extraction of sensitive data from compromised devices.
The attack demonstrates the ongoing threat posed by spyware, particularly for individuals in sensitive positions. The incident also highlights the importance of keeping devices updated and using security features like Lockdown Mode to safeguard against such attacks.


