A serious security breach was discovered on Apple’s iOS this week that could leave your iPhone vulnerable to a remote jailbreak. Thursday afternoon Apple issued an urgent iPhone and iPad software update (iOS 9.3.5) that includes a patch for the vulnerability. If you haven’t already done so, you should install the new version immediately.
This is the first known remote jailbreak of a iPhone. According to researchers at Citizen Lab, it was discovered when human rights activist Ahmed Mansoor received a text message on his phone promising “new secrets” about detainees tortured in United Arab Emirates jails if he clicked on links included in the message. Mansoor, who has been targeted with spyware attacks twice before, became suspicious and sent the message to Citizen Lab.
The researchers say that if Mansoor had clicked on the links, which led to a series of zero-day exploits, sophisticated spyware would have been installed on his phone and what could have happened next is terrifying:
Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements.
Citizen Lab contacted Apple immediately about the security risk, setting in motion the process that led to today’s iOS update.
According to Citizen Lab, the links in the text message belong to “an exploit infrastructure connected to NSO Group, an Israel-based ‘cyber war’ company that sells Pegasus, a government-exclusive ‘lawful intercept’ spyware product.” NSO Group is reportedly owned by Francisco Partners Management, an American venture capital firm.
“The high cost of iPhone zero-days, the apparent use of NSO Group’s government-exclusive Pegasus product, and prior known targeting of Mansoor by the UAE government provide indicators that point to the UAE government as the likely operator behind the targeting,” they said.
Citizen Lab notes in the report that “the iPhone has a well-deserved reputation for security” and because the platform is tightly controlled by Apple, security exploits are “rare and expensive.”
To make sure your phone is protected from this security threat, go to the settings and then “software update.”