On Thursday, Apple released a new security update for iPhone users worldwide after the discovery of an attempted hack that was trying to take advantage of three huge vulnerabilities in the iOS operating system.
Advertisement
Human rights activist Ahmed Mansoor shows Associated Press journalists a screenshot of a spoof text message he received in Ajman, United Arab Emirates, on Thursday, Aug. 25, 2016. No stranger to hacking attempts, the well-known dissident forwarded the messages to a researcher at Citizen Lab in the University of Toronto’s Munk School of Global Affairs.
Citizen Lab researchers traced the rogue software to NSO Group, an Israeli company that makes software that can “secretly target a user’s mobile phone and gather information from it”. Two weeks ago the human rights activist, received two unusual text messages with links to websites.
An Israeli technology company has been accused of creating and supplying an aggressive interception program capable of taking over Apple’s iPhones and turning them into remote spying devices, after it was used to target a Middle Eastern human rights activist and others.
The firms found that the attack was using three critical iOS zero-day vulnerabilities, collectively termed Trident, that together form an attack chain that subverts Apple’s security environment. When those things are combined, an iOS device can be remotely jailbroken – something that has always been sought-after but hasn’t been successfully used in any known campaigns. The spyware was disguised as a link promising to reveal details regarding torture at UAE’s prisons. Security researchers he was working with then shared their findings with Apple who have now developed, and released, the fix.
NSO Chief Executive Shalev Hulio referred questions to spokesman Zamir Dahbash, who said the company “cannot confirm the specific cases” covered in the Citizen Lab and Lookout reports. A call to FPM was not immediately returned.
Advertisement
If you want to protect yourself, update your iOS device immediately, because the flaw could be exploited by simply clicking on an SMS link which then installs a spyware called “Pegasus”.
