US: Apple issues update after security flaws laid bare

Tech giant releases emergency fixture after UAE dissident Ahmed Mansoor flags spyware created by Israeli company.

iPhones sit on display during a preview event at the new Apple Store Williamsburg in Brooklyn, New York
Apple told various US media outlets that it has now fixed the vulnerabilities [Andrew Kelly/Reuters]

Apple has issued a security update to fix vulnerabilities found after fierce spyware created by an Israeli firm was used to target an Emirati dissident, US media reported.

The tech giant released its latest iOS version, 9.3.5, on Thursday, which The New York Times said was meant to fix three security vulnerabilities in Apple products.

Those vulnerabilities had been targeted by the NSO Group, an Israeli spyware company, which has created a product that can rifle through a phone to read texts, track calls and record sounds, among other capabilities, The New York Times reported.

Apple told various US media outlets that it fixed the vulnerabilities as soon it learned about them.

The spyware was detected when used against Ahmed Mansoor, a human rights activist in the United Arab Emirates, who has been repeatedly targeted using spyware.

Suspicious message

After receiving a suspicious text with a link, he reported the matter to the University of Toronto’s Citizen Lab, which worked in conjunction with San Francisco-based mobile security firm Lookout to investigate the issue, USA Today reported.

“The attack allows an adversary to silently jailbreak an iOS device and stealthily spy on victims, collecting information from apps including Gmail, Facebook, Skype, WhatsApp, Calendar, FaceTime, Line, Mail.Ru, and others,” Lookout said in a blog post.

John Scott-Railton, one of the authors of a report issued by Citizen Lab, said researchers had traced the link on Mansoor’s phone to NSO Group, USA Today reported.

However it was not known which country or entity had used the spyware to target him.

“This discovery is further proof that mobile platforms are fertile ground for gathering sensitive information from target victims, and well-resourced threat actors are regularly exploiting that mobile environment,” Lookout said in its blog post.

Apple users are being advised to install the latest update.


Source: AP