A botched hack attempt using “sophisticated spyware package” allegedly tailored by an Israeli group on the iPhone of an Arab activist has triggered Apple to issue an “important” security update for its mobile operating system, iOS.
Advertisement
Hidden behind the link in the text message was a highly targeted form of spyware crafted to take advantage of three previously undisclosed weaknesses in Apple’s mobile operating system.
Not at all, according to the company, so long as you’ve got the latest beta installed.
The update is available to all devices running iOS 9 through an over-the-air update. That’s either beta 7 if you’re a developer or beta 6 if you’re in the public test.
The new update comes only three weeks after the last iOS 9.3.4 update and is a minor update.
Mansoor, who had previously been a victim of government cyber espionage with tools purchased for FinFisher and Hacking Team – companies that compete with NSO – was suspicious of the message and forwarded it to Citizen Lab. This update may come off pretty insignificant to some at first, but digging deeper into the new software will reveal to your eyes a startling security flaw that’s been patched up…
In the report that Citizen Lab released regarding the incident, the chain of exploits, which has been named the Trident, has been linked to the NSO Group.
Citizen Lab and Lookout both fingered a secretive Israeli firm, NSO Group, as the author of the spyware.
If you’re not on the latest version of iOS, now’s the time to update it. Lookout discovered the three zero-days, while Citizen Lab connected the zero-days to the Pegasus software and the NSO Group, an Israeli company bought by U.S. firm Francisco Partners in 2014. According to the Times, the software can read text messages and emails and track calls and contacts.
Human rights activist Ahmed Mansoor uses his iPhone in Ajman, United Arab Emirates, on Thursday, Aug. 25, 2016. Apple released a patch yesterday to fix these massive security problems, and you should download it immediately.
Mansoor didn’t click the link – he sent it straight to Citizen Lab researchers housed in the University of Toronto. Citizen Lab reported these vulnerabilities to Apple, which promptly fixed them in iOS 9.3.5; Citizen Lab’s report makes for fascinating reading – it’s a real-world thriller.
Advertisement
“While the company that identified the exploits noted that they would only have been used against specific high-value targets, the publicity around them means it’s more likely that criminal types would add them to their arsenal of attacks, so updating today would be exceptionally wise”.
