Trend Micro and this "zero day" exploit patch

d_v_us

Regular Contributor
Hey guys, can anyone shed some light on this issue for me? I currently have Aiprotect turned on....does this help should any of my Apple devices click on a "suspicious" iMessage prior to them updating with the recent iOS patch the other day for the zero day exploit? Also, once I've patched my Apple products...would that potentially "close" (or remove) the malware? And...what, if any, protection does Trend Micro running on my router give me in this instance?
 
AiProtect has nothing to do with your Apple products.

If you looked around the net you would know that Apple already released emergency patches for this exploit on Monday 13th.


Previous thread on this exploit.

The exploit is also model and OS dependent, not every device is vulnerable.
 
Looks like you might have rushed to answer without fully reading my post? While I'm aware that Aiprotect doesn't specifically "protect" devices....it detects potential attacks for devices that connect, correct? I have "looked around the net". Hopefully someone else can provide a more constructive input on all the areas I touched on since I mentioned that I've patched already?
 
It wasn't malware. It was an exploit, direct access to the device is needed.
@Tech9 "nailed it."
 
So although it wasn't malware....the exploit allowed malware to be injected right? Guys...no one's lookin for a fight here....just clear advice on Trend Micro capabilities and...once patched (ANY DEVICE OR OS)...does that take care of the possible threat had a user clicked on it:) Again...not an SME...total noob here ok?
 
the exploit allowed malware to be injected right?

No. Exploit is when someone gets more permissions than expected. What he is going to do after is unknown.
 
Zero day is an exploit vulnerability on board the device. AI Protect has zero to do with repairing vulnerabilities on devices. It only monitors your internet traffic looking to block bad reputable actors and external threats.
 
Again...not an SME...total noob here ok?

Here is an example of an exploit - you can even test it for yourself and make someone look stupid:

Some of the fancy Chinese keypad locks only look very secure. If there is a relay inside, activated by the right key combination, you can attempt to exploit the lock with a powerful magnet. Relays are electro-mechanical devices and the contacts don't care much where the magnetic field is going to come from - the coil or your magnet. Did you get the idea? In this case you have to have physical access to the lock. Carrying a magnet inside your pocket isn't a crime, but it may allow you to enter someone's home without leaving a trace. Good locks use solid state components, they are "patched".
 
In this case, you would hope AI Protect is being a good neighborhood watch and notices any strange traffic, but being a good neighborhood watch person does not equate to patching or replacing a broken lock. The neighborhood watch person won't even know there is something wrong with that lock.
 
The old lady with cats may have heard something. She calling the police on you just because you carry a magnet is the "false positive". :)
 
Ok...I'm ready for another walk of shame....it just hit me today how I was trying to tie the Aiprotection tab (and all the tools within) with Apple devices and this latest patch. So...when ur at home and ur Apple devices are using wifi to make calls, sms txts, etc.,....wouldn't that be a scenario where a potential exploit could be identified by the router (realizing that the signatures would have to be updated as well)? Remember...old noob here so be gentle.

FYI...I did see where there's a command line tool you can run to see if ur devices have been compromised.
 
wouldn't that be a scenario where a potential exploit could be identified by the router?

Unlikely, unless something starts phoning home with a known to the router voice pitch. Think jailbroken iPhone or rooted Android. Exploits were used to give the users more control over the devices. The router doesn't care much - no harmful in/out activity. Your Antivirus program may recognize the tools used as malicious. I have directories excluded from scans for that reason.
 
Thanks everyone for all ur input...looks like I was trending down the wrong rabbit hole from the get go like AndreiV, Tech9 and others had mentioned initially:)
 
You can use iMazing instead if you’re not comfortable working on the command line:

Uuugh...all you "Very Senior Members" have ur PMs turned off...sucks for me....so XIII...you can vouch for this imazing product then?

Spent all weekend getting up to speed on MVT, WSL, Python, Ubuntu only to see...there's a better way:)

Oh FYI...it's been confirmed....researchers have found malware hiding in WSL now....Doh

SNB might need ta start a Linux sub forum so I won't hijack this one?
 
Oh FYI...it's been confirmed....researchers have found malware hiding in WSL now....Doh
It should be noted the malware issue is not "hiding" in WSL. It is that malware was (per this link) "written primarily in Python and compiled in the Linux binary format ELF (Executable and Linkable Format) for the Debian operating system." From the Tom's Hardware article you linked to:
The researchers said the malware was distributed via Executable and Linkable Format (ELF) files intended to run on Debian, a popular Linux distribution, and its derivatives. In some cases those files contained a payload intended for a target PC; in others they received a payload from remote command and control infrastructure.
 
Yep....providing the reading material for all to interpret right?
 
For iOS backups: certainly.

For finding this malware? I don’t know. It did not find anything on my devices, just like Amnesty’s command line tool.

Thank you sir....and as to not finding any malware...that's always a good thing:)
 