Fix is ready for iPhone spyware
Apple quick to patch security breach.
Apple issued an update to prevent attacks by rare, highly expensive spyware that exploits flaws in the mobile operating system for iPhones and iPads after security researchers said it was used to target a Middle Eastern dissident’s phone.
In a statement to USA TODAY on Thursday, Apple said it immediately fixed the vulnerability upon learning of it. It advises customers to download the latest version of its iOS, 9.3.5, for protection. The Associated Press first reported on the patch.
The software was discovered because it had been targeted at Ahmed Mansoor, a prominent United Arab Emirates dissident. He received a text message on his iPhone 6 that invited him to click on a Web link. He forwarded the message to the University of Toronto’s Citizen Lab.
Researchers there worked with San Francisco-based mobile security firm Lookout. In a blog post Thursday on its website, Lookout researchers said they found a “sophisticated, targeted, and persistent mobile attack on iOS using three zero-day vulnerabilities we call ‘Trident.’ ” The flaw lets the hacker break into an iOS device and spy on information gleaned from apps such as Facebook, WhatsApp, FaceTime, Gmail and Calendar, the post said.
Citizen Lab traced the link to NSO Group, which it calls a “cyberwar” company in Israel that sells a spyware product called Pegasus, said John Scott-Railton, one of the Citizen Lab report’s authors. NSO wouldn’t comment on whether it sold the software.
The flaws appear to have been available for at least three years, said Joseph Lorenzo Hall, chief technologist with the Center for Democracy & Technology in Washington D.C. “In which case, any iOS device could have been remotely hacked,” he said.