Owners of Apple's mobile devices should download and install the iOS 9.3.5 update immediately, as it contains fixes for zero-day vulnerabilities in the mobile operating system that allow hackers to hijack devices.
The vulnerabilities and the espionage software that exploits them were discovered by researchers when the software was used against prominent United Arab Emirates human rights activist Ahmed Mansoor.
As detailed by Motherboard, Mansoor received a text message on his iPhone from a number that he did not recognize. The text message came with a link, which Mansoor, who had previously been targeted by government hackers using commercial spyware tools, did not click on.
Mansoor forwarded the message to Citizen Lab researcher Bill Marczak. Analysis showed that the link led to sophisticated malware that exploited a total of three previously unknown vulnerabilities in iOS 9.
Through the malware, hackers would have been able to hijack Mansoor's iPhone and remotely control or monitor the device. They would have also been able to gain access to the smartphone's microphone and camera, record audio calls made even through apps with end-to-end encryption such as WhatsApp, retrieve stored files and track the device's location. All of Mansoor's passwords on the apps installed on his iPhone would also have been exposed to the attackers.
The exploit essentially conducts a remote jailbreak on the iPhone, with the technology and tools needed to conduct such an attack valued at as much as $1 million. After Apple was alerted about the vulnerabilities by a report from Citizen Lab, it was able to release the iOS 9.3.5 update just 10 days later, which shows the seriousness of the exploit.
The discovery of such advanced malware to spy on individuals is a big deal but should not come as a surprise, according to Stanford University senior research scholar for cyber policy and security Herb Lin, as there are many groups focused on creating such tools operating in the shadows.
In the report that Citizen Lab released regarding the incident, the chain of exploits, which has been named Trident, has been linked to the NSO Group. The "cyber war" company is based in Israel, and it is owned by private equity firm Francisco Partners Management, which is based in San Francisco.
The Pegasus software, one of the products offered by the NSO Group, was described as a "lawful intercept" spyware tool that is exclusively for government use. Pegasus is apparently the package that is delivered to target devices after Trident breaches them. Given this information, along with the high cost of the attack and the previous targeting of Mansoor, Citizen Lab believes that the UAE government is behind the hacking attempt.
There is no way to determine just how widely used the exploits are, though details suggest that they were mostly deployed against individual targets as opposed to mass attacks. Nevertheless, owners of iOS-powered devices such as the iPhone and iPad should definitely download the iOS 9.3.5 update right now in order to be protected against such attacks.