Apple released this Tuesday a patched update, iOS 9.3.5. This version fixes a critical security issue, which may risk to jailbreak iPhone, iPad and iPod touch. Users with devices running iOS 9.2 to iOS 9.3.4 are recommended to update immediately to protect themselves against potential security exploits.
This iOS security flaw is a combination of three ‘zero-day’ vulnerabilities. It is called ‘zero-day’ because Apple didn’t know about these vulnerabilities, and they had zero day to fix them. Users’ device may be infected and remotely controlled by attackers through a simple click on a malicious link. This is the first time an iOS zero-day attack is publicly revealed to the world.
This attack occurred on August 10th, when Ahmed Mansoor, a Rights defender in the United Arab Emirates, began to receive suspicious text messages. These messages claimed to contain information about U.A.E citizens being tortured.
Since Mr. Mansoor had been tracked by spyware several times before, instead of clicking the link in the messages, he turned to security researchers at the Citizen Labs. These messages were then confirmed as a hook to infect his iPhone.
It is believed that this intrusion targeting Apple products is from an Israeli company named NSO Group. This digital arms dealer sells software used to track target’s mobile devices.
Once infected by the spyware, users’ text messages, emails, calls, and contacts are exposed to attackers. Moreover, the spyware can even be used to collect passwords and users’ location information.