Apple releases 'important security update' for iPhone after spyware discovery

The patch comes after the discovery of spyware circulating in the Middle East.

iphone-se-49.jpg
Image: Sarah Tew/CNET

Apple has released a security fix for iPhones and iPads following the discovery of malware targeting the platform that was found circulating in the Middle East.

The iPhone and iPad maker released the patch, iOS 9.3.5, on Thursday, calling it an "important security update".

If the FBI found its own iPhone backdoor, should it show Apple?

Using a zero-day flaw to bypass an iPhone's security is a backdoor by another name.

The patches fix three vulnerabilities, dubbed "Trident" by security firm Lookout, which could be used to access the device's location, read contacts, texts, calls, and emails, as well as turn on the device's microphone.

The company said that spyware that exploited the vulnerabilities were developed by an Israel-based company specializing in zero-day exploits.

Citizen Lab explained in a blog post that it had uncovered an operation by the security services of the United Arab Emirates to try to get into the iPhone of a renowned human rights defender, Ahmed Mansoor.

The Canada-based security lab said that the UAE, which has long been criticized for its poor human rights record, could turn an affected iPhone into "a sophisticated bugging device", adding:

"They would have been able to turn on his iPhone's camera and microphone to record Mansoor and anything nearby, without him being wise about it. They would have been able to log his emails and calls -- even those that are encrypted end-to-end. And, of course, they would have been able to track his precise whereabouts," said the blog post.

Lookout said that the flaws included a memory corruption flaw in WebKit, which would let an attacker exploit a device when a user clicks on an affected link. Two other kernel vulnerabilities would let an attacker jailbreak the device, and then the attacker can silently install malware to carry out surveillance.

Apple fixed the vulnerabilities within 10 days of being informed by Citizen Lab and Lookout.

A spokesperson for Apple said in an email to ZDNet: "We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits."

Users can install the update over the air through the phone or tablet's settings.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All