The activist in question, United Arab Emirates-based Ahmed Mansoor, first received shady text messages on August 10.
Advertisement
The flaws have been fixed in iOS 9.3.5 and CitizenLab has published a breakdown of the vulnerabilities to coincide with the security patch.
No stranger to hacking attempts, the well-known dissident forwarded the messages to a researcher at Citizen Lab in the University of Toronto’s Munk School of Global Affairs.
The suspicious text messages in question linked to a spyware product belonging to NSO Group, a Tel Aviv-based software company owned by a San Francisco-based equity firm that created and has purportedly been operating a spyware program called “Pegasus” since 2010 at the company’s inception.
Citizen Labs found out that if he’d opened the message, the attackers could’ve taken over the device.
The company said it had no knowledge of any particular incidents. The group brought on mobile security company Lookout, and the two were able to uncover NSO Group’s software.
Hidden behind the link in the text message was a highly targeted form of spyware crafted to take advantage of three previously undisclosed weaknesses in Apple’s mobile operating system.
You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
Apple has issued a security update to resolve the issue.
Meanwhile, Mike Murray, the vice president of Security Research and Response at the cyber-security firm Lookout, gave an explanation on the potential threat that the breach poses.
The NSO said in a statement that its products are only made available for lawful purposes – that is, to prevent and investigate crimes.
Dahbash said NSO sells within export laws to government agencies, which then operate the software.
The flaw effectively leaves you at risk of malicious web links, like the one mentioned in the report.
Apple is urging owners to download an urgent software update.
It’s rare that Apple releases a second security update in the same month, but the seriousness of the flaws means it’s necessary. If you tap Install Tonight, just plug your iOS device into power before you go to sleep.
Advertisement
It also said a Mexican journalist and a minority party politician in Kenya had been targeted with NSO software and that domain names set up for other attacks referred to entities in Uzbekistan, Thailand, Saudi Arabia, Turkey, and other nations, suggesting that other targets lived in those nations.
