Apple’s iOS 9.3.5 update will patch a very serious security vulnerability
The vulnerability could have allowed attackers to remotely jailbreak an iOS device
Apple is rolling out an “important security update” for iPhones and iPads. The update (iOS 9.3.5) includes a patch for a very serious security vulnerability, which could allow attackers to remotely jailbreak a device. All users are advised to update their phones as soon as possible. According to a report by Citizen Lab, a human rights activist named Ahmed Mansoor received a suspicious text that promised “new secrets” about detainees tortured in the UAE if he clicked on a link. However, Mansoor instead sent the link to researchers at Citizen Lab, who recognised the links as belonging to an exploit infrastructure group, NSO Group. The firm claims that the group is an Israel-based cyber-war company that sells a “government-exclusive” spyware product called Pegasus.
After their investigation, Citizen Lab were able to determine that the links would have led to a chain of zero-day exploits which would have remotely jailbroken Mansoor’s iPhone 6 and installed spyware. Had the phone been infected, the spyware would have allowed the attackers to use his camera and microphone to spy on him. It could also have recorded his WhatsApp and Viber calls, logged messages sent in chat and tracked his movements.
Last year, a company called Zerodium announced a $1 million bug bounty program for a zero-day exploit for iOS 9. To claim the bounty, security researchers had to submit a browser-based untethered jailbreak for the OS. In November, the bounty was claimed. Earlier this month, Apple launched its own bug bounty program that gives researchers the chance to receive up to $200,000.