August 26, 2016

Apple Issues Global iOS Update after Scary Spyware Discovery

Apple has made haste in releasing a global security update to its iOS software after security researchers discovered a failed attempt by malicious hackers to break into an activist’s iPhone.

Security researchers discovered a new three-pronged iPhone exploit that achieves a complete compromise of the device with a single tap of a finger, and Apple has moved quickly to patch the vulnerability.

Ahmed Mansour, an Arab activist, received two messages on his iPhone 6 on August 10. The messages claimed to offer information about dissidents tortured in prisons in the United Arab Emirates. Each message contained a link purporting to lead to a website where Mansour could obtain more information.

For his part, Mansour was cautious and immediately forwarded the messages to Citizen Lab, a security firm, which shared them with another security firm, Lookout Mobile, and investigated them jointly.

What they found was a never-before-encountered exploit which, when used, took complete control of the targeted iPhone.

The exploit was dubbed “Trident” for the three separate zero-day exploits used, all in the same attack.

The first exploit targeted a vulnerability in Safari, tricking the phone into launching a browser session. The second targeted the phone’s kernel. The third replaced the kernel, effectively becoming a part of the iOS software.

If triggered, the exploit would be able to read text messages, listen in and record phone calls, track users’ locations, collect passwords as well as gather data from apps such as Gmail, Facebook, Skype and more.

Mike Murray, VP of Security Research and Response at Lookout, shed further light on the Trident exploit:

The Trident vulnerability chain is the first that anyone’s seen of a one-click remote jailbreak of an Apple device. It’s the smoking gun active mobile threat that we’ve always known existed but didn’t yet have proof of.

This demonstrates that highly resourced actors see the mobile platform as a fertile target for gathering information about targets and regularly exploit the mobile environment for this purpose.

The investigation traced the exploit to a spyware firm called NSO Group, an Israeli firm that routinely sells its wares to governments around the world.

The exploit affects all iOS versions up to and including 9.3.4. Today, Apple released an update, iOS 9.3.5, containing the patch. LIFARS recommends that readers running iOS 9.3.4 or older update their devices immediately.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
