View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 26, 2016

Apple patches iOS flaws that allow iPhone hack

News: iOS spyware revealed in attempted cyber attack on human rights lawye.

By Alexander Sword

Apple has patched a vulnerability in the iOS operating system that hackers tried to exploit to spy on the smartphone of a human rights lawyer.

Citizen Lab and Lookout Security were alerted by Ahmed Mansoor, a member of Human Rights Watch’s advisory committee, who was sent two text messages containing hyperlinks and promising information about detainees in United Arab Emirates prisons. Mansoor forwarded the message to Citizen Lab’s Bill Marczak.

The firms found that the attack was using three critical iOS zero-day vulnerabilities, collectively termed Trident, that together form an attack chain that subverts Apple’s security environment.

This attack is a particularly menacing one because it was found ‘in the wild’ or in active use by cyber attackers, rather than discovered by security researchers in a lab.

According to Citizen Lab, Trident is used in a spyware product called Pegasus, which is developed by an organization called NSO Group.

If successful, the malware would have been able to completely take over the iPhone, including getting access to all information on it and being able to remotely monitor the communications going through it.

This could have included using the iPhone’s camera and microphone to record activity in the device’s physical vicinity, as well as physically tracking its location.

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

Apple, which had been alerted of the vulnerability prior to Citizen Lab and Lookout going public with it, issued three security updates to patch the vulnerabilities.

Lookout said in a blog post that it believed that the spyware had been in the wild for a “significant amount of time”.

It said that it was being used to attack high-value targets.

Security companies urged all iPhone users to update their iPhones immediately.

“The fact that this particular exploit took advantage of three vulnerabilities to accomplish complete control shows how advanced and committed the authors are,” said Travis Smith, Senior Security Research Engineer at Tripwire.

He said that while the exploit was currently targeting high profile targets such as Mansoor, the exploit could eventually be used to target wider audiences.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU