Apple rushed to release a new security update Thursday after system vulnerabilities were reported to the company following an attempted cyberattack on a human rights lawyer in the United Arab Emirates.
Advertisement
Investigations revealed the link would have installed a program that would have taken advantage of three flaws that Apple and others had not been aware of.
It’s able to breach Apple’s security using vulnerabilities in the operating system and surveil practically everything on your phone, including your texts, calls, emails, calendars, apps, and even keystrokes.
Apple released a security patch Thursday and is encouraging iPhone users to update the software on their smartphones to avoid falling victim to the spyware infection.
Lookout, a cybersecurity firm, and Citizen Lab at the University of Toronto’s Munk School of Global Affairs has shed some light on this interesting discovery.
An Israel-based “cyber war” company, NSO Group, was found by researchers at Citizen Lab and Lookout to be using zero-day exploits to target a human rights activist. But Mansoor reported the issue to Citizen Lab, an internet watchdog, who eventually discovered the flaw.
What makes this specific type of attack particularly sophisticated is in the number of vulnerabilities that had to be chained to make it a seamless attack requiring very little user interaction, said Guillaume Ross, senior security consultant at Rapid7.
If an iPhone user had touched the link, he would have given his hackers free reign to eavesdrop on calls, harvest messages, activate his camera and drain the phone’s trove of personal data. You can see the full details about this update here.
It also said a Mexican journalist and a minority party politician in Kenya had been targeted with NSO software and that domain names set up for other attacks referred to entities in Uzbekistan, Thailand, Saudi Arabia, Turkey, and other nations, suggesting that other targets lived in those nations.
‘The threat actor has never been caught before, ‘ said Mike Murray, a Lookout researcher.
In a separate post, Citizen Lab points out the exact vulnerabilities, which are used by Trident to install spyware on the system. Two Kernel flaws and one WebKit flaw was highlighted.
For nearly every iPhone owner on the planet, their only connection with the “Pegasus” spyware will be in the form of a critical iOS update which Apple issued late yesterday evening.
Advertisement
To download the software update on an iPhone, open Settings, tap General, and then Software Update.
