Because hackers may already have access to your iPhone.
Advertisement
Apple Inc issued a patch on Thursday to fix a risky security flaw in iPhones and iPads after researchers discovered that a prominent United Arab Emirates dissident’s phone had been targeted with a previously unknown method of hacking.
Citizen Lab described the UAE government as being “the likely operator behind the targeting” and traced the creation of the spyware to Israel’s NSO Group, which creates and sells spying software to clients, including foreign governments. For users running the beta of iOS 10, the latest seed also patches the exploits.
The spyware was detected when used against Ahmed Mansoor, a human rights activist in the United Arab Emirates, who has been repeatedly targeted using spyware. They used fake domains to try and disguise themselves as legitimate groups like the Red Cross, news organizations, and large tech companies. The next day he got another, this time with a link promising information on detainees in UAE jails.
According to a report from Citizen Lab, clicking on the suspicious link “would have remotely jailbroken Mansoor’s stock iPhone 6 and installed sophisticated spyware”.
“These exploits are ideally suited to perform targeted, enterprise-focused attacks, and we expect that customers of this type of software are using these attacks for that that goal”, Mike Murray, Lookout’s VP of security research & response, wrote in a blog post.
With the release of the iPhone 7 which will run on the latest iOS 10 software coming soon, it is still imperative for users to update to the iOS 9.3.5 to ensure safety while waiting for the newer version to become available.
The combination of the vulnerabilities, together known as “Trident”, gives the attacker access to an iPhone’s camera, microphone and location.
The attack allows an adversary to silently jailbreak an iOS device and stealthily spy on victims, collecting information from apps including Gmail, Facebook, Skype, WhatsApp, Calendar, FaceTime, Line, Mail.Ru, and others.
Apple said in a statement that it fixed the vulnerability immediately after learning about it. You should go download it now, because it contains an important security fix.
The hack, which is being blamed on Israeli surveillance company NSO Group Technologies, was discovered by CitizenLab and mobile security company Lookout who tested to see what happens when they click on the link.
Advertisement
“The company sells only to authorized governmental agencies, and fully complies with strict export control laws and regulations”, NSO spokesman Zamir Dahbash said in a statement.
