In response to a series of zero-day vulnerabilities, Apple yesterday released an update to the latest version of iOS 9. The update patches several critical zero-day exploits that have apparently already been deployed, allegedly by foreign governments to target activists and dissidents, according to a report from Citizen Lab and Lookout Security.
That report of the hack reached Apple last week. The update is recommended immediately for all devices running iOS 9. Used in tandem, the exploits allow a hacker to hijack an iOS device and control or monitor it remotely.
That would give the cybercriminal access to a device?EU?s camera and microphone, meaning the hacker could take images and files, track the owner?EU?s movements and capture audio calls even in such normally secure apps as WhatsApp.
The exploits were discovered after a human rights lawyer alerted security researchers to unsolicited text messages he had received. The lawyer, Ahmed Mansoor, received the text messages on August 10 and 11.
The messages promised to reveal secrets about people allegedly being tortured in the United Arab Emirates’ jails if he tapped the links. If Mansoor had done so, his iPhone 6 would have been “jailbroken,” or hit with unauthorized software installations, according to Citizen Lab, a project at the University of Toronto?EU?s Munk School of Global Affairs.
The researchers said the spyware involved was most likely created by NSO Group, an Israeli cyber-war company. Lookout called it the most sophisticated spyware package it has seen, taking advantage of the combination of features only available on mobile devices such as voice communications, camera, email, messaging, GPS, passwords and contact lists.
Bill Marczak of Citizen Lab told reporters that the exploits have probably existed since before last month’s release of iOS 9.3.3. Apple said the vulnerability was fixed with the release of iOS 9.3.5,…