Software Integrity Blog


Dangerous iOS flaws patched in emergency update

iPhone and iPad users should update their iOS software to the latest release version as soon as possible following the disclosure of three dangerous vulnerabilities on Thursday.

Researchers from Toronto-based Citizens Lab, working with Lookout, said they had discovered three zero days, vulnerabilities not previously known to Apple or others, which could allow third parties to access the phone’s camera, microphone, and eavesdrop on communications using social networks. The vulnerabilities came to light when a human rights activist, Ahmed Mansoor, from the United Arab Emirates became concerned about a link he’d received and forwarded it to Citizens Lab for analysis.

Citizens Lab has a reputation for ferreting out government surveillance programs. Its director, Ronald Gilbert, authored a book, Black Code, in part telling about his organizations determination that the Chinese government had been accessing the private email of the Dali Lama.

“Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” Citizen Lab wrote in a report on Thursday.

Reuters said that Citizens Lab had traced the zero day exploits to a private seller of monitoring systems, NSO Group, an Israeli company that makes software for governments which can secretly target mobile phones and gather information. NSO Chief Executive Shalev Hulio referred questions by Reuters to spokesman Zamir Dahbash, who said the company “cannot confirm the specific cases.”

iPhone and iPad users are encouraged to update to iOS version 9.3.5 as soon as possible.


More by this author