Apple has patched three critical vulnerabilities in iOS
that were identified when an attacker targeted a human rights activist
in the UAE with an exploit chain that used the bugs to attempt to
remotely jailbreak and infect his iPhone. The vulnerabilities include
two kernel flaws and one in WebKit and Apple released iOS 9.3.5 to fix them.
The attack that set off the investigation into the vulnerabilities targeted Ahmed Mansoor, an activist living in the UAE.
Earlier this month, he received a text message that included a link to
what was supposedly new information on human rights abuses. Suspicious,
Manor forwarded the link to researchers at the University of Toronto's
Citizen Lab, who recognized what they were looking at. "On August 10 and
11, 2016, Mansoor received SMS text messages on his iPhone promising
;new secrets' about detainees tortured in UAE jails if he clicked on an
included link. Instead of clicking, Mansoor sent the messages to Citizen
Lab researchers. We recognized the links as belonging to an exploit
infrastructure connected to NSO Group, an Israel-based 'cyber war'
company that sells Pegasus, a government-exclusive "lawful intercept"
spyware product," Citizen Lab said in a new report on the attack and iOS flaws.
***
Folks, if you haven't already done it, update your iPhones and your iPads this very minute!!!
I can't tell you enough how serious this is.
No comments:
Post a Comment