1st September 2016, Kathmandu
Apple was bound to release iOS 9.3.5 update “Emergency” Patch for apple products like iPhone, iPad, etc. after advanced spyware targets the iPhone used by a renowned UAE human rights defender, Ahmed Masoor. So for the safeness of all Apple users, Apple Company needs to take this step.
NSO Group, the world’s most invasive software weapon distributors, has been exploiting the three zero-day security vulnerabilities to spy on dissidents and journalists. Furthermore, the NSO Group is an Israeli firm which sells spying and surveillance which secretly tracks a target’s mobile phone. So the zero-day exploits have allowed the company to produce spyware tools and products to access the device location, contacts, emails, calls logs and even microphone.
Finally, Apple had fixed these three vulnerabilities just within ten days after being informed by two security firms called Citizen Lab and Lookout. And these two have done a joint investigation.
Now let’s know how the Malware was discovered.
On August 10, Mansoor, 46, “Martin Ennals Award” winner from the United Arab Emirates had received a text message on his iPhone from an unknown number. Then he had submitted this message to Citizen Lab researcher Bill Marczak (a San Francisco Mobile Security Company) for the examination purpose. Finally, the researcher came to know that the link led to a piece of malware that exploited three different unknown errors or flaws in Apple’s iOS, which have permitted the attackers to get full control or access of Mansoor’s iPhone.
Links like CVE-2016-4655, CVE-2016-4656, CVE-2016-4657, etc. if clicked, “Mansoor’s iPhone would have been turned into a bugging device controlled by UAE security agencies,” the citizen lab explained. Besides, without concern of Mansoor, they can turn on his iPhone’s camera and microphone to record about him and even control his emails and calls. So it is a great disaster.
Furthermore, the zero-day flaws dubbed “Trident” by the firm contains:
- In Webkit, a memory corruption vulnerability, which allows hackers to exploit a device.
- Two kernel bugs which attackers install secretly to carry out surveillance.
For this reason, Apple Company had requested its customer to install this updated iOS to protect their confidential data on their devices.