SAN FRANCISCO Apple Inc (AAPL.O) issued a patch on Thursday to fix a risky security hole in iPhones and iPads after researchers discovered that a prominent United Arab Emirates dissident’s phone had been targeted with a previously unknown method of hacking. Every phone call, every piece of data would be sent to someone using this software, who could track your location, turn on your microphone, turn on your camera. Mansoor was recently targeted by spyware that can hack into an iPhone handset. It would have linked to a chain of what’s known as “zero-day” exploitations in the phone’s system – vulnerabilities that would be shared by all iphones.
Advertisement
The Pegasus software, one of the products being offered by the NSO Group, was described as a “lawful intercept” spyware tool that is exclusive for government use.
NSO Group didn’t deny its involvement, stating that its mission was to provide “authorised governments with technology that helps them combat terror and crime”.
“The fact that this particular exploit took advantage of three vulnerabilities to accomplish complete control shows how advanced and committed the authors are”, said Travis Smith, Senior Security Research Engineer at Tripwire.
CVE-2016-4655, CVE-2016-4656 and CVE-2016-4657 are the three flaws that have been patched by Apple in the new 9.3.5 update.
The developer behind what the Lookout team called “the most sophisticated attack we’ve seen on any endpoint” is believed to be an Israeli-based, US-owned NSO Group that speaks of itself as a “cyber war” company.
The road to discovery began on August 10 with a series of texts received by Ahmed Mansoor, an internationally recognized human rights defender living in the UAE.
Advertisement
If you are anxious that you could be affected by this vulnerability, the best thing to do is download the latest version of iOS to protect yourself against potential security exploits.
