Apple has fixed three major security flaws that existed in its operating systems.
iPhone and iPad users are being urged to upgrade their version of iOS to 9.3.5 after the vulnerabilities were exploited by a hacking group.
An Israel-based "cyber war" company, NSO Group, was found by researchers at Citizen Lab and Lookout to be using zero-day exploits to target a human rights activist.
Lawyer Ahmed Mansoor, who is based in the United Arab Emirates, was sent a suspicious text message on August 10 2016, which asked him to click a link telling him to find out more information about people detained in the country. This was followed by a second message a day later.
Citizen Lab identified the domain the text message linked to as being one owned by the NSO group. "When we clicked the link, we saw that it was indeed active, and watched as unknown software was remotely implanted on our phone," the researchers said.
"This suggested that the link contained a zero-day iPhone remote jailbreak: a chain of heretofore unknown exploits used to remotely circumvent iPhone security measures."
This means that anyone who had clicked the link sent by the NSO Group would have their iOS device infected and phone controlled, as well as data being accessed remotely.
Lookout Security confirmed the existence of the previously unknown exploit and Apple issued the patch 10 days later. While Mansoor was using an iPhone 6, the updated iOS will patch iPhones from the 4S upwards.
"Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements," Citizen Lab says in its blog post.
In a short security blog post, Apple addressed three vulnerabilities highlighted by the two teams of researchers. Two Kernel flaws and one WebKit flaw was highlighted. "Visiting a maliciously crafted website may lead to arbitrary code execution," Apple explained in the post.
To update to the latest version of iOS, users should access the Settings application on iPhones and iPads, followed by 'General' and 'Software Update'.
No comments:
Post a Comment