Procurement News Notice |
|
PNN | 3894 |
Work Detail | Apple issued a security update to prevent attacks by rare, powerful and highly expensive spyware that exploits flaws in the mobile operating system for iPhones and iPads, after security researchers said it was used to target a Middle Eastern dissident's phone. In a statement to USA TODAY, Apple said it immediately fixed the vulnerability upon learning of it. It advises customers to download the latest version of its iOS, version 9.3.5, for security protection. The Associated Press, which first reported on the patch, said powerful espionage software was found targeting Ahmed Mansoor, a prominent United Arab Emirates dissident. Mansoor received a text message on his iPhone 6 that invited him to click on a web link, and forwarded the message to researchers at the University of Toronto's Citizen Lab. Researchers there worked with San Francisco-based Lookout. In a blog post Thursday on that mobile security company's website, researchers said they found a “sophisticated, targeted, and persistent mobile attack on iOS using three zero-day vulnerabilities we call ‘Trident.’” Citizen Lab traced the link to NSO Group, which it calls a “cyberwar” company in Israel that sells a spyware product called Pegasus, said John Scott-Railton, one of the Citizen Lab report's authors. The cost of such sophisticated and powerful spyware is very high. A set of similar digital tools recently sold for $1 million, Citizen Lab's Scott-Railton and his co-author, Bill Marczak, wrote in an online report posted Thursday. The flaw lets the hacker break into an iOS device and spy on information gleaned from the victims' apps such as Facebook, WhatsApp, FaceTime, Gmail and Calendar, the post said. "As security breaches go, this is fairly serious, considering how fast Apple addressed it," says Andrew Blaich, a staff researcher at Lookout. Internet watchdog group Citizen Lab discovered the security hole a few weeks ago and immediately notified Apple, Blaich said. The Citizen Lab does not know what organization or government was behind the attempted hack of Mansoor’s iPhone, but Scott-Railton did note that a likely suspect would be the United Arab Emirates. Mansoor has been unable to leave the country since 2011 after his passport was taken. The disclosure offers fresh evidence that mobile platforms are “fertile ground for gathering sensitive information,” the post said. How widespread use of the malware is, is not clear, said Scott-Railton. The Citizen Lab believes that similar software from the NPO Group was used to target a Mexican journalism, Rafael Cabrera, who was reporting on a scandal involving Mexico’s president. Apple strengthens security Apple is clearly aware of the threat. Earlier this month, it beefed up security efforts with its first bug bounty program, with awards up to $200,000 for security researchers for each software bug they find that compromises Apple products. It debuted the program at Black Hat, an influential computer security conference in Las Vegas. Many companies already offer such programs. The announcement came on the heels of a showdown between Apple and the FBI over the feds’ demand that Apple help in its attempts to crack an iPhone 5C used by San Bernardino, Calif., shooter Syed Rizwan Farook. The FBI ditched its legal fight against Apple after it hired an unnamed firm to break into the iPhone without Apple's help. |
Country | United States , Northern America |
Industry | Cyber Security |
Entry Date | 03 Sep 2016 |
Source | http://www.khou.com/tech/apple-issues-security-update-to-prevent-iphone-spyware/308354292 |