
Apple patches major vulnerability in iOS

Apple has patched three critical vulnerabilities in iOS that were identified when an attacker targeted a human rights activist in the UAE with an exploit chain that used the bugs to attempt to remotely jailbreak and infect his iPhone.


According to Citizen Lab, the links in the text message belong to “an exploit infrastructure connected to NSO Group, an Israel-based ‘cyber war’ company that sells Pegasus, a government-exclusive ‘lawful intercept’ spyware product”.

Security researchers at Citizen Lab and Lookout, a mobile security firm, discovered the existence of spyware that could gain access to every piece of information on an infected device, including all your communications.

Ahmed Mansoor, a pro-democracy activist, received two text messages that promised to reveal secrets about prisoners being tortured in UAE jails.

Because he had already had experience with government hackers, Mansoor did not click on the link and instead sent the message to researchers at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs. Flaws in Apple’s iOS system are rare; in one public sale a year ago, the cybersecurity company Zerodium bought a zero-day exploit for an iPhone for $1 million. Apple’s security team worked in tandem with the researchers and was “very responsive”, releasing a combined fix for all three issues at once: CVE-2016-4655, CVE-2016-4656, and CVE-2016-4657.

Citizen Lab and Lookout claim to have traced the malware to an Israeli organisation called the NSO Group and its commercial Pegasus product, with Citizen Lab hinting at links between the NSO Group and attacks in Mexico, Panama and the USA in the past.

“[It is] the most sophisticated spyware package we’ve seen”, said Lookout.

If you have an iPhone, you need to download the latest iOS update right now. Such tools, known as remote exploits, cost as much as $1 million.

The company said it had no knowledge of any particular incidents.

Companies like Apple are using users and research labs as beta testers after the software has been released.

Still, the fix is out there and easy to grab, so just go to Settings > General > Software Update, and take care of it right away.


This, however, “happens invisibly and silently, such that victims do not know they’ve been compromised”, Lookout and Citizen Lab researchers wrote. This Israel-based group, acquired by U.S. company Francisco Partners Management in 2010, is known for specializing in cyber warfare. It has been pointed out that the product used advanced hacking methods and was highly valuable; in fact, the group sold 300 licenses for about $8 million.
