Latest in Gear

Image credit:

Apple patches three zero-day exploits after activist is hacked

Cyber crime group NSO targeted human rights defender Ahmed Mansoor in the United Arab Emirates, Citizen Lab reports.
1437 Shares
Share
Tweet
Share

Sponsored Links

Apple has rolled out a patch for three previously unknown zero-day exploits that were used to target the iPhone 6 of Ahmed Mansoor, an award-winning human rights activist based in the United Arab Emirates. Security company Lookout and internet watchdog group Citizen Lab investigated the attack on Mansoor's iPhone and found it to be the product of NSO Group, a "cyber war" organization based in Israel that's responsible for distributing a powerful, government-exclusive spyware product called Pegasus.

The attempted hack took advantage of three zero-day exploits that would have allowed the attackers to jailbreak Mansoor's iPhone and install spyware to track his movements, record his WhatsApp and Viber calls, log his messages and access his microphone and camera. Mansoor did not click on the link sent to his phone that would have enabled these capabilities, instead alerting Citizen Lab researchers.

Given the high cost of iPhone zero-days and the use of a government-specific spyware product, Citizen Lab believes the UAE is behind the attack. The UAE has previously targeted Mansoor.

"We are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign, making this a rare find," Citizen Lab writes.

Once Citizen Lab discovered the zero-days, it contacted Apple and says the company responded promptly. Apple released a software update today, iOS 9.3.5, that addresses the three flaws.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
1437 Shares
Share
Tweet
Share

Popular on Engadget

Blizzard's cancelled 'StarCraft: Ghost' leaks in playable form

Blizzard's cancelled 'StarCraft: Ghost' leaks in playable form

View
The Galaxy Z Flip's glass screen isn't very durable

The Galaxy Z Flip's glass screen isn't very durable

View
New York AG won't keep fighting T-Mobile merger with Sprint

New York AG won't keep fighting T-Mobile merger with Sprint

View
Tesla ordered to halt early work on its German Gigafactory

Tesla ordered to halt early work on its German Gigafactory

View
'Sonic the Hedgehog' breaks record for a video game movie debut

'Sonic the Hedgehog' breaks record for a video game movie debut

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr