A government agency using private-market spyware hastened the release of iOS 9.3.5
NSO Group is the reason why you should probably install iOS 9.3.5.
Apple released the update today to address three previously unknown vulnerabilities that were exploited two weeks ago when spyware from the Israel-based organization targeted Ahmed Mansoor, a human rights activist hailing from the United Arab Emirates.
“New secrets about torture of Emiratis in state prisons,” read a text message that came with a URL that may have represented The Emirates Foundation.
Mansoor, who’s been hacked by government agencies before, decided to pass the message to Citizen Lab, a cybersecurity rights project of the University of Toronto.
A joint report by Citizen Lab and security firm Lookout stated that the malware found within the link was “one of the most sophisticated pieces of cyberespionage software we’ve ever seen.”
To oversimplify, the zero-days chained like this: one allowed arbitrary code execution when a certain website was accessed. That code could install a program that could elevate its own kernel privileges (via jailbreak) and then leak kernel memory everywhere. Apple was notified by Citizen Lab and Lookout on August 15. Again, the fix came today.
Motherboard reports that NSO’s “Pegasus” virus can seep into an iPhone, then intercept and steal any data or communications inside of it. With the dissection and disposal of Pegasus, we know just a little bit more about NSO, but not much.
A statement from NSO regarding the situation reads in part:
The company sells only to authorized governmental agencies, and fully complies with strict export control laws and regulations. Moreover, the company does NOT operate any of its systems; it is strictly a technology company. The agreements signed with the company’s customers require that the company’s products only be used in a lawful manner. Specifically, the products may only be used for the prevention and investigation of crimes.