“The attack allows an adversary to silently jailbreak an iOS device and stealthily spy on victims, collecting information from apps including Gmail, Facebook, Skype, WhatsApp, Calendar, FaceTime, Line, Mail.Ru, and others”, Lookout said in a blog post.
Advertisement
There are now no details about the exact changed implemented in these new Beta releases, but we have a feeling that they have something to do with the fact that Apple pushed last evening the fifth stable maintenance update to the iOS 9 series of its mobile OS, patching two kernel security issues and a WebKit bug that could have allowed attackers to steal sensitive information.
The cyberattack reportedly involved a text message with a link that was sent to an iPhone belonging to a human rights activist in the Middle East. This comes just a day after the company began rolling out iOS 9.3.5 to the world.
The rest of the world should also be able to update their devices to iOS 10 in September, but there’s now no release date set in stone. If Mansoor had done so, his iPhone 6 would have been “jailbroken”, or hit with unauthorized software installations, according to Citizen Lab, a project at the University of Toronto’s Munk School of Global Affairs. Lookout called it the most sophisticated spyware package it has seen, taking advantage of the combination of features only available on mobile devices such as voice communications, camera, email, messaging, GPS, passwords and contact lists.
It’s unlikely that any of the exploits reached iOS end users, since they were caught by researchers and Apple.
The incident came to light when Security company Lookout and internet watchdog group Citizen Lab investigated the cyber attack on Mansoor’s iPhone and found it to be the product of NSO Group, a “cyber war” organization based in Israel that’s responsible for distributing a powerful, government-exclusive spyware product called Pegasus. Apple also said that users should also avoid clicking on links in SMS messages from unknown parties since such messages can be spoofed.
“We were made aware of this vulnerability and immediately fixed it with iOS 9.3.5”.
Advertisement
The company only sells its software to authorized governmental agencies and requires customers to sign an agreement that its products will only be used in a lawful manner, specifically “the prevention and investigation of crimes”, he said.
