Apple Issues Global iOS Update after Scary Spyware Discovery

Apple has made haste in releasing a global security update to its iOS software after security researchers discovered a failed attempt by malicious hackers to break into an activist’s iPhone.

A new three-pronged iPhone exploit that effectively achieves a complete compromise of one’s iPhone with a simple tap of a finger was discovered by security researchers and Apple has moved quickly to patch the vulnerability.

Ahmed Mansour, an Arab activist received two messages on his iPhone 6 on August 10. The messages claimed to offer information about dissidents tortured in prisons in the United Arab Emirates. Both messages had individual links, purporting to redirect to a website where Mansour could obtain more information.

For his part, Mansour was cautious and immediately forwarded the messages to Citizen Lab, a security firm which shared the messages and investigated the messages along with another security firm, Lookout Mobile.

What they found was a never-before-encountered exploit, which when used, took complete control over the targeted iPhone.

The exploit was dubbed “Trident” for the three separate zero-day exploits used, all in the same attack.

The first exploit targeted a vulnerability in Safari, tricking the phone into launching a browser session. The second targeted the phone’s kernel. The third, replaced the kernel, effectively becoming a part of the iOS software.

If triggered, the exploit would be able to read text messages, listen in and record phone calls, track users’ locations, collect passwords as well as gather data from apps such as Gmail, Facebook, Skype and more.

Mike Murray, VP of Security Research and Response at Lookout shed further information on the Trident exploit:

The Trident vulnerability chain is the first that anyone’s seen of a one-click remote jailbreak of an Apple device. It’s the smoking gun active mobile threat that we’ve always known existed but didn’t yet have proof of.

This demonstrates that highly resourced actors see the mobile platform as a fertile target for gathering information about targets and regularly exploit the mobile environment for this purpose.

The investigation traced the exploit to a spyware firm called NSO Group, an Israeli firm that routinely sells its wares to governments around the world.

The exploit affects all iOS versions up to and including 9.3.4. Today, Apple released an update, iOS 9.3.5, containing the patch. LIFARS recommends readers running iOS 9.3.4 or older to update their devices immediately.

Image credit: Pixabay.