The update patches several critical zero-day exploits that have apparently already been deployed, allegedly by foreign governments to target activists and dissidents, according to a report from Citizen Lab and Lookout Security. It could also record sounds and collect passwords.
Advertisement
Reuters reports that a remote server, which costs as much as $1 million, was used to exploit the smartphone, marking the first time that this has ever happened to an iPhone 6.
The activities of the company came to light after Ahmed Mansoor, a 46-year-old human rights activist from the United Arab Emirates, received a odd text message from a number he did not recognise on his iPhone. Mansoor forwarded the message to Citizen Lab’s Bill Marczak.
The two teams found that the perpetrators targeted three critical iOS zero-day vulnerabilities, which they dubbed “Trident“.
Apple’s iOS 9.3.5 is the second security patch that the Cupertino, California-based company has issued this month. Each message contained a link to a website where more information could be obtained. Working with a USA mobile security company, researchers there identified it as an exploit connected to NSO Group, an Israeli company best known for selling a government-exclusive “lawful intercept” spyware product called Pegasus.
Citizen Lab contacted Apple immediately about the security risk, setting in motion the process that led to today’s iOS update. “We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits”.
Advertisement
The activist named Ahmed Mansoor, who lived in downtown Ajman, a small city-state in the United Arab Emirates reported the link to internet watchdog, Citizen Lab, which exposed plans by an Israeli cyberespionage firm, who planned to develop an eavesdropping software. If you are somehow unable to update your iPhone/iPad kindly avoid clicking on even trusted links till your device is patched.
