If You Have An iPhone, iPad, or iPod Touch, Install iOS 9.3.5 RIGHT NOW!
Apple today released the iOS 9.3.5 security update. And if you run anything that runs iOS, you should update your iDevice right now because it closes some serious zero day vulnerabilities in iOS. Vice has details including a Canadian connection:
On the morning of August 10, Ahmed Mansoor, a 46-year-old human rights activist from the United Arab Emirates, received a strange text message from a number he did not recognize on his iPhone.
“New secrets about torture of Emiratis in state prisons,” read the tantalizing message, which came accompanied by a link.
Mansoor, who had already been the victim of government hackers using commercial spyware products from FinFisher and Hacking Team, was suspicious and didn’t click on the link. Instead, he sent the message to Bill Marczak, a researcher at Citizen Lab, a digital rights watchdog at the University of Toronto’s Munk School of Global Affairs.
As it turned out, the message wasn’t what it purported to be. The link didn’t lead to any secrets, but to a sophisticated piece of malware that exploited three different unknown vulnerabilities in Apple’s iOS operating system that would have allowed the attackers to get full control of Mansoor’s iPhone, according to new joint reports released on Thursday by Citizen Lab and mobile security company Lookout.
Wow. That’s scary. Here’s some details on the company behind this malware:
Since its founding in 2010, NSO has developed a reputation for providing sophisticated malware to governments that need to target cellphones in their investigations, although the use of its tools has never been documented before. The company claims that its products are completely stealthy, like a “ghost.” The company has been so guarded about its wares that it’s never had a website, and has rarely given interviews or any comments to the press. But some information has leaked out, including a sale for $120 million to a US-based venture capital firm in 2014 and a subsequent reported valuation of $1 billion.
NOS’s malware, which the company codenamed Pegasus, is designed to quietly infect an iPhone and be able to steal and intercept all data inside of it, as well as any communication going through it.
And:
Moreover, the malware is programmed with settings that go all the way back to iOS 7, which indicates that NSO has likely been able to hack iPhone devices since the iPhone 5.
If I were you, I would honestly update your iDevice(s) as soon as possible and if you want to get a massive wake up call, I’d read the Vice story as it is very eye opening.
January 23, 2020 at 1:02 pm
[…] right when I started to look back through the blog. The attack vector, and the type of the attack is very similar to an attack on a human rights activist back in 2016. The source of the attack was malware provided by a shadowy company called NSO who is known to sell […]
March 9, 2020 at 10:58 am
[…] and those who are critical of said regimes. They’ve been fingered as being behind exploits in iOS that allegedly ensnared Jeff Bezos and WhatsApp. And it’s the latter that made Facebook who […]
December 21, 2020 at 12:03 pm
[…] to a jailbreak that was in iOS 13 that I wrote about recently. And we’ve seen this before. Specifically an exploit with iOS 9 which was also discovered by Citizen Lab and Apple had to rush out a patch to fix. And allegedly the NSO Group was behind that one as well. […]