A botched hack attempt using “sophisticated spyware package” allegedly tailored by an Israeli group on the iPhone of an Arab activist has triggered Apple to issue an “important” security update for its mobile operating system, iOS.
Advertisement
Upon learning of the security flaw, Apple quickly responded with iOS 9.3.5, which protects iPhone users from a potential breach.
NSO says that the malware used to target Mansoor, which is called as Pegasus, is a tool which allows “remote and stealth monitoring and full data extraction from remote targets devices via untraceable commands”.
Ahmed Mansoor, a well-known human rights defender and dissident in the United Arab Emirates, alerted Citizen Lab to the spyware after receiving an unusual text message on August 10.
Zamir Dahbash, an NSO Group spokesman, said in an email, “The company sells only to authorized governmental agencies, and fully complies with strict export control laws and regulations”.
After reporting the link to security companies CitizenLab and Lookout, three new iOS security vulnerabilities were discovered. “Zero days” means the flaws were previously unknown, and a company had no time, or “zero days”, to fix them.
Along with the fix, Apple released a statement that it “doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available”.
“Pegasus is one of the most sophisticated pieces of surveillance and espionage software that Lookout has investigated”, it said.
A highly targeted form of spyware was apparently hidden behind the text message, which actually takes advantage of Apple iOS’ undisclosed weakness.
Evidence points the NSO Group – an Israeli company that makes software for governments that can secretly target mobile phones and gather information – as the author of the spyware.
The spyware was detected when used against Ahmed Mansoor, a human rights activist in the United Arab Emirates, who has been repeatedly targeted using spyware.
Apple recently launched its own reward system to encourage people to disclose any vulnerabilities that they found, with this highest bounty up to $200,000.
Advertisement
Apple told various U.S. media outlets that it fixed the vulnerabilities as soon it learned about them.
