Apple issues software patch for iOS apparently against Govt sponsored attacks

If you thought that you are at risk of cyber-attacks only from hackers or criminals, think again. There is an equal, if not a bigger threat from state governments as well as reveals this piece of news. Apple,on Thursday, issued a patch update to iOS called 9.3.5 to fix a dangerous security hole in iPhones and iPads which reportedly addresses such spyware attacks by agencies and government on citizens working against them.

The case involves a prominent United Arab Emirates activist who received suspicious text messages promising to give secret information. Since he had received fraudulent messages earlier also, he reported those messages to researchers at the University of Toronto's Citizen Lab. Investigations by the research team at the lab exposed a serious security breach involving three zero-day attacks. These involve execution of an arbitrary code through WebKit, gaining kernel access, and then executing code within the kernel.

Usually, even a single zero-day attack is rare and dangerous and hardly anyone has heard of three simultaneous attacks. These three attacks, named Trident, could have resulted into a one-step jailbreak of the phone. It would give access to all phone data and communication in the absence of any security patch.

The researchers said that they had alerted Apple, which developed a fix and distributed it as an automatic update to iPhone 6 owners.

Apple confirming that the company had issued the patch after being contacted by researchers about the issue said, “We were made aware of this vulnerability and immediately fixed it with iOS 9.3.5. We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits.”

The Citizen Lab team attributed the attack software to a private seller of monitoring systems, NSO Group, an Israeli company that makes software for governments which can secretly target a user's mobile phone and gather information from it. Such tools, known as remote exploits, cost as much as $1 million.

“Citizen Lab and others have repeatedly demonstrated that advanced “lawful intercept” spyware enables some governments and agencies, especially those operating without strong oversight, to target and harass journalists, activists, and human rights workers. If spyware companies are unwilling to recognize the role that their products play in undermining human rights, or address these urgent concerns, they will continue to strengthen the case for further intervention by governments and other stakeholders,” Citizen Lab said in a statement.