The flaws have been fixed in iOS 9.3.5 and CitizenLab has published a breakdown of the vulnerabilities to coincide with the security patch.
Advertisement
Flaws in Apple’s iOS operating system have been discovered that made it possible to install spyware on a target’s device merely by getting them to click on a link, BBC has reported.
“We advise all our customers to always download the latest version of iOS to protect themselves against potential security exploits”, a spokesman told AP.
Citizen Lab traced the link to NSO Group, which it calls a “cyberwar” company in Israel that sells a spyware product called Pegasus, said John Scott-Railton, one of the Citizen Lab report’s authors.
The Citizen Lab team claims that the malware was developed by the Israeli firm NSO Group, which creates spy software for governments. If Mansoor had done so, his iPhone 6 would have been “jailbroken”, or hit with unauthorized software installations, according to Citizen Lab, a project at the University of Toronto’s Munk School of Global Affairs. The researchers uncovered the flaw after a human rights activist from the United Arab Emirates, Ahmed Mansoor, suspected he was the target of government eavesdropping, according to the New York Times.
All iOS users, whether they are using iPhones or iPads, are strongly advised to upgrade to iOS 9.3.5 immediately.
Mike Murrary, a researcher with Lookout, described the program as “the most sophisticated spyware package we have seen in the market”.
If Mansoor clicked on that link with “secrets”, his iPhone would have been turned into a “sophisticated bugging device”, and UAE security agencies would be able to turn on his iPhone’s camera and microphone, record his and everything surrounding Mansoor.
Apple has issued a new software update after alleged spyware that could compromise the iPhone was reported in the Middle East.
The researchers alerted Apple to the vulnerability a week and a half ago.
Citizen Lab identified the domain the text message linked to as being one owned by the NSO group.
Advertisement
Speaking to Business Insider, an Apple spokesperson confirmed the vulnerability and assured that the company has already come up with a fix.
