Apple on August 25 issued a patch through iOS 9.3.5 update to fix dangerous security flaw in iPhone and iPads.
“We were made aware of this vulnerability and immediately fixed it with iOS 9.3.5. We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits,” said Apple.
The flaw came into light, when Ahmed Mansoor, a prominent human right activist in the United Arab Emirates, began receiving text messages from an unknown entity. The messages claimed to contain “secret” information about torture happening in prisons of UAE, and invited him to click on a web link for further information. However, due to his suspicion, instead of clicking the link he passed the message to researchers at the University of Toronto’s Citizen Lab for investigation.
Had he opened the link, his phone would have become a spy tool without him acknowledging about it.
"Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements," Citizen Lab wrote in a report.
Experts at Citizen Labs, with the help of Lookout, a San Francisco-based mobile security company, discovered three dangerous flaws in Apple’s previous operating system iOS 9.3.4, which could have let intruders to track owner’s calls, text messages, email, contacts, passwords, and trace whereabouts of the phone users.
In response to secure their consumers, within 10 days Apple pushed an over-the-air (OTA) update version 9.3.5, fixing the vulnerabilities found during the research.
According to Apple’s support page, the update mainly fixes the vulnerabilities detected by researchers from Citizen Lab and Lookout, which could be exploited by vicious intruders to spy on dissidents like Ahmed Mansoor or even journalists.
Researchers suggested the NSO Group, an Israeli software company that sells software that invisibly tracks a target’s mobile phone, was responsible for the intrusion reported by Mansoon. According to the researchers, the NSO group had designed to tools to impersonate those of Red Cross, Facebook, Al Jazeera, CNN, Federal Express, Google and even Pokemon Company to gain trust of its targets. The security flaws were named to be “zero-days” as Apple didn’t know about them and had zero days to fix them.
The update is available for iPhone 4S, iPad 2, iPod touch (fifth generation) and above models.
