The iPhone security flaw allows anyone with the proper skill to gain control of your device remotely without you ever knowing. That means they can activate your camera to spy on you, hear your phone calls, see what you type and who you type it to and more. The risks can not be overstated. To ensure you’re protected from any harmful intruders, go to the Settings app on your iOS device. Tap General, then tap Software Update. Your iPhone will check for updates and if you’re on the latest release, which at the time of writing is 9.3.5, you’re all set and out of harm’s way. Otherwise, tap to download and install the update, then wait for your phone to restart. iOS 9.3.5 successfully patches the zero-day vulnerability and boosts your iPhone security.
The Discovery of the Zero-Day
Human rights activist Ahmed Mansoor with the help of Citizen Lab discovered the iOS vulnerability. On Aug. 10, 2016 and Aug. 11, Mansoor received two text messages prompting him to open links. The messages promised that if he did, he’d receive new information about tortures going on in United Arab Emirates jails. Despite being relevant to his field of work, he found the messages suspicious and opted to not open the links. Instead, he had the good people at Citizen Lab, look into the links. “We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based ‘cyber war’ company that sells Pegasus, a government-exclusive ‘lawful intercept’ spyware product,” Citizen Lab wrote in a press release. “The ensuing investigation, a collaboration between researchers from Citizen Lab and from Lookout Security, determined that the links led to a chain of zero-day exploits that would have remotely jailbroken Mansoor’s stock iPhone 6 and installed sophisticated spyware.” Citizen Lab notified Apple immediately. According to Quartz, the vulnerability got sent in to Apple on Aug. 12. Apple responded promptly enough to provide a patch three days later on Aug. 15. Both Citizen Lab’s press release and Apple’s patch via iOS 9.3.5 went live earlier today. “I’m a regular target for the authorities here,” Mansoor told The Washington Post. “Every time they get new spyware, they seem to try it out on me.” I can’t stress enough the importance of updating to iOS 9.3.5. If you are on any version of iOS prior, you are at risk of an iPhone security violation as Mansoor was. Also, as a word of advice, never tap on any links you get in messages or emails that you are suspicious about. Odd timing, odd wording, unknown senders… these are all clues that should deter you from clicking received links as they could be dangerous.