An Apple spokesperson told the publication that the company fixed the vulnerability with iOS 9.3.5 as soon as it was made aware of it.
Advertisement
The vulnerability came to the attention of security researchers after human rights activist Ahmed Mansoor received a suspicious text message promising details of prison torture in the United Arab Emirates.
For nearly every iPhone owner on the planet, their only connection with the “Pegasus” spyware will be in the form of a critical iOS update which Apple issued late yesterday evening.
The specific update needed to address this vulnerability is iOS 9.3.5. The attacker achieves easy access to almost everything on the iPhone in case that the victim clicks the link.
The malware, which as per the researchers, originated from an Israeli company called NSO Group that was bought by the US private equity firm Francisco Partners in 2014, was used to target journalists and activists in some cases, according to Citizen Lab, a group focused on the intersection of technology and information security. If Mansoor had done so, his iPhone 6 would have been “jailbroken”, or hit with unauthorized software installations, according to Citizen Lab, a project at the University of Toronto’s Munk School of Global Affairs.
Mr Mansoor, a human rights activist, said he hoped the discovery “could save hundreds of people from being targets”. They used fake domains to try and disguise themselves as legitimate groups like the Red Cross, news organizations, and large tech companies. According to security company Lookout, it is possible that the iOS exploit has been already available for purchase for around two years.
Lookout Security confirmed the existence of the previously unknown exploit and Apple issued the patch 10 days later.
“The fact that this particular exploit took advantage of three vulnerabilities to accomplish complete control shows how advanced and committed the authors are”, said Travis Smith, Senior Security Research Engineer at Tripwire.
Advertisement
“The agreements signed with the company’s customers require that the company’s products only be used in a lawful manner”, he added.
