Apple patches three zero-day exploits after activist is hacked
TUAW - The Unofficial Apple Weblog
Apple has rolled out a patch for three previously unknown zero-day exploits
that were used to hack into the iPhone 6 of Ahmed Mansoor, an award-winning
human rights activist based in the United Arab Emirates. Security company
Lookout and internet watchdog group Citizen Lab investigated the attack on
Mansoor's iPhone and found it to be the product of NSO Group, a "cyber war"
organization based in Israel that's responsible for distributing a powerful,
government-exclusive spyware product called Pegasus.
The hack took advantage of three zero-day exploits that allowed the attackers
to jailbreak Mansoor's iPhone and install spyware to track his movements,
record his WhatsApp and Viber calls, log his messages and access his microphone
and camera. Given the high cost of iPhone zero-days and the use of a
government-specific spyware product, Citizen Lab believes the UAE is behind the
hack. The UAE has previously targeted Mansoor.
"We are not aware of any previous instance of an iPhone remote jailbreak used
in the wild as part of a targeted attack campaign, making this a rare find,"
Citizen Lab writes.
Once Citizen Lab discovered the zero-days, it contacted Apple and says the
company responded promptly. Apple released a software update today, iOS 9.3.5,
that addresses the three flaws.
Original Article:
https://www.engadget.com/2016/08/25/apple-iphone-security-flaw-update-activist-hack/
Sent from my iPhone
