ZecOps - A Jamf Company

Don't have access yet? Contact us here https://t.co/UXWePiQDhP

ZecOps for Mobile is now fully supporting iOS 16 (including Lockdown Mode!)

iOS 15.7 is out and it fixed CVE-2022-32917 which was likely exploited in the wild. Update as soon as you can. https://t.co/k3NleSMjWd

Please note: processes used as IOCs have limited value. In most cases, attackers can change the names. The folks from Amnesty Tech had done an impressive job in their research, and trying to prove anything due to a lack of clarification on uppercase/lowercase is ridiculous.

[Pegasus IOCs Update] One of the Pegasus IOCs included a process named 'diagnosticd'. If you found this process on your phone: don't panic! This process is a default iOS process (located at /usr/libexec/diagnosticd).

For clarity: Amnesty referred to 'Diagnosticd' with uppercase D. We referred to 'diagnosticd' with lowercase D. If you are seeing 'diagnosticd' in /usr/libexec it is a legitimate process. If you've observed 'Diagnosticd' in any folder, per Amnesty's note, it could be malicious.

Remember: WebKit+Kernel exploit that is delivered via AdNetwork == 0-click water-holing attack. For mobile devices specifically, it is (very) dangerous out there and 99.9% of device-owners and businesses don't even know what *processes* are running on your phones.

We see similar attacks often and can help to provide visibility to iPhones and iPads. Contact us here if you need help: https://t.co/UXWePiyu3H