Skip to comments.
APPLE BOOSTS IPHONE SECURITY AFTER MIDEAST SPYWARE DISCOVERY
AP Paris ^
| August 25, 2016
Posted on 08/25/2016 10:35:00 AM PDT by Swordmaker
PARIS (AP) -- Apple says it is issuing a security update after powerful espionage software was found targeting an activist's iPhone in the Middle East.
Computer forensics experts tell The Associated Press the spyware takes advantage of three previously undisclosed weaknesses in Apple's mobile operating system to take complete control of iPhone handsets.
Two reports published Thursday by the San Francisco-based Lookout and internet watchdog group Citizen Lab outline how the spyware could compromise an iPhone with the tap of a finger, a trick so coveted in the world of cyberespionage that one spyware broker said last year that it had paid a $1 million dollar bounty to programmers who'd found a way to do it.
Apple said in a statement that it fixed the vulnerability immediately after learning about it.
(Excerpt) Read more at hosted.ap.org ...
TOPICS: Business/Economy; Computers/Internet
KEYWORDS: applepinglist; malware
Navigation: use the links below to view more comments.
first 1-20, 21-40, 41-51 next last
The update is NOW available to close the vulnerability. Download and install it from Settings/General/Software update on your iPhone and iPad. This updates iOS to 9.3.5.
This update is for iPhone 4s and later, iPad 2 and later, and iPod touch (5th generation) and later.
This is apparently a very targeted, commercial exploit from a security firm who sells access to state agencies. It might have been the one that Apple was outbid on in the white hat security conference last month by a private concern who paid $1 million for a vulnerability because they wanted to monetize it.
More info from the New York Times:
Apple Software Vulnerability Is Linked to Intrusions
By NICOLE PERLROTH AUG. 25, 2016
SAN FRANCISCO One of the worlds most evasive digital arms dealers is believed to have been taking advantage of three security vulnerabilities in popular Apple products in its efforts to spy on dissidents and journalists.
Investigators discovered that a company called the NSO Group, an Israeli outfit that sells software that invisibly tracks a targets mobile phone, was responsible for the intrusions. The NSO Groups software can read text messages and emails and track calls and contacts. It can even record sounds, collect passwords and trace the whereabouts of the phone user.
In response, Apple on Thursday released a patched version of its mobile software, iOS 9.3.5. Users can get the patch through a normal software update.
Apple fixed the holes 10 days after a tip from two researchers, Bill Marczak and John Scott Railton, at Citizen Lab at the University of Torontos Munk School of Global Affairs, and Lookout, a San Francisco mobile security company.
We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits, said Fred Sainz, a company spokesman.
In interviews and manuals, the NSO Groups executives have long boasted that their spyware worked like a ghost, tracking the moves and keystrokes of its targets, without leaving a trace. But until this month, it was not clear how exactly the group was monitoring its targets, or who exactly it was monitoring.
A clearer picture began to emerge on Aug. 10, when Ahmed Mansoor, a prominent human rights activist in the United Arab Emirates, who has been tracked by surveillance software several times, began receiving suspicious text messages. The messages purported to contain information about the torture of U.A.E. citizens.
Correction: August 25, 2016
An earlier version of this article described incorrectly the day when Apple released a patched version of its mobile software, iOS 9.3.5. It was Thursday, not Wednesday.
To: Swordmaker
you are on a political website and have been for some time and yet you never post anything political. Always pumping up Apple. Now do you come here for political news and info , or do you even have a candidate on who you support?
2
posted on
08/25/2016 10:37:56 AM PDT
by
manc
( If they want so called marriage equality then they should support polygamy too.)
To: Swordmaker
Thanks :)
I had to check twice for the update before my phone would load it .
3
posted on
08/25/2016 10:39:46 AM PDT
by
Lera
( 1 Corinthians 15:1-4)
To: dayglored; ThunderSleeps; ~Kim4VRWC's~; 1234; 5thGenTexan; Abundy; Action-America; acoulterfan; ...
Apple has quickly closed an iOS vulnerability that has apparently been used by a commercial security firm to sell an exploit to a state level agency to invade an activists iPhone in the Middle East. iOS update to 9.3.5 is now available on Settings/General/Software Update to close the vulnerability that was used to gain access to the activist's iPhone. This update is for iPhone 4s and later, iPad 2 and later, and iPod touch (5th generation) and later. At last month's White Hat hackers' conference, Apple was outbid for a vulnerability that was discovered by an unknown private bidder who paid $1 million for just such a vulnerability in iOS 9. . . It is likely this commercial company who provided this exploit is the winning bidder. If so, I certainly hope they charged the state level agency enough to get their money back, since Apple has closed that vulnerability so quickly! PING!
Apple iOS Security Update
Ping!
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
4
posted on
08/25/2016 10:45:05 AM PDT
by
Swordmaker
(This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
To: manc
Free Republic is politics only?? who knew, guess we have to stop posting about hurricanes and tornados and riots and shooting and football...........
BTW I saw a post about windows earlier, did you jump on him too??
Get real, I for one appreciate Swordmaker keeping me informed about these things and thats why I’m on the ping list!
5
posted on
08/25/2016 10:48:28 AM PDT
by
Airwinger
( A Militia Of One (Semper Fi))
To: manc
Bullcrap. I’ve seen his numerous posts on the FBI vs Apple litigation. This story is political as hell. AND in any case, you aren’t the hall monitor so STFU.
Sukhoi posts a million airplane stories. Some catholics post Catholic theology things throughout the day. Some people post a lot of stories about Astronomy and physics.
We get stories about music, old movies and art.
Two stories down is a woman winning 10 million on penny slots. Two stories past that is a warning to avoid a kindle app in windows 10 or it’ll brick your machine.
So apple products is his thing, buzz off. All politics and nothing else makes manc a dull boy.
6
posted on
08/25/2016 10:48:35 AM PDT
by
DesertRhino
(Dogs are man's best friend, and moslems hate dogs. Add that up....)
To: manc
you are on a political website and have been for some time and yet you never post anything political. Always pumping up Apple. Now do you come here for political news and info , or do you even have a candidate on who you support? I have posted lots of political things. You just don't see them because you don't pay attention. I also maintain several PING lists, one of which happens to be the Apple/Mac/iOS/iPhone Ping list which has over 750 active Freepers who have asked me to keep the posted on news associated with those subjects. THEY outnumber YOU.
That being said, how does an article about a VULNERABILITY in iOS "pump" Apple? I bet you didn't even bother to read the article did you? You just jumped in and knee-jerked reacted with an Apple hate reaction, didn't you?
7
posted on
08/25/2016 10:48:58 AM PDT
by
Swordmaker
(This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
To: manc
A clearer picture began to emerge on Aug. 10, when Ahmed Mansoor, a prominent human rights activist in the United Arab Emirates, who has been tracked by surveillance software several times, began receiving suspicious text messages. The messages purported to contain information about the torture of U.A.E. citizens.
- - - - -
But this is not political? Man Child, we were really fooled! Honest! ;-)
8
posted on
08/25/2016 10:51:41 AM PDT
by
SubMareener
(Save us from Quarterly Freepathons! Become a MONTHLY DONOR!e)
To: Swordmaker
“That being said, how does an article about a VULNERABILITY in iOS “pump” Apple? “
Elegant response....lol. BTW, I appreciate your very detailed answers to apple questions. I have an S7 for one use, and an IPhone 6s+ for anther. Haven’t fully gone apple yet, but am going to for an upcoming laptop replacement. Learning some interesting things from your posts.
9
posted on
08/25/2016 10:54:13 AM PDT
by
DesertRhino
(Dogs are man's best friend, and moslems hate dogs. Add that up....)
To: Swordmaker
“.... in its efforts to spy on dissidents and journalists.”
This is becoming a norm. It should be a stop the press despotic government red flashing light. Domestic spying on someone who philosophically disagrees, or a journalist who might expose truth.
This is sick Stasi crap.
10
posted on
08/25/2016 10:57:16 AM PDT
by
DesertRhino
(Dogs are man's best friend, and moslems hate dogs. Add that up....)
To: Swordmaker
Then I must go through your past posts more then , because I have never seen you post where you stand politically.
11
posted on
08/25/2016 11:00:48 AM PDT
by
manc
( If they want so called marriage equality then they should support polygamy too.)
More information on the exploit and who and how:
The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender
August 24, 2016 Categories: Bill Marczak, John Scott-Railton, Reports and Briefings
Authors: Bill Marczak and John Scott-Railton, Senior Researchers at the Citizen Lab, with the assistance of the research team at Lookout Security.
Media coverage: The New York Times, Motherboard
This report describes how a government targeted an internationally recognized human rights defender, Ahmed Mansoor, with the Trident, a chain of zero-day exploits designed to infect his iPhone with sophisticated commercial spyware.
1. Executive Summary
Ahmed Mansoor is an internationally recognized human rights defender, based in the United Arab Emirates (UAE), and recipient of the Martin Ennals Award (sometimes referred to as a Nobel Prize for human rights). On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising new secrets about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based cyber war company that sells Pegasus, a government-exclusive lawful intercept spyware product. NSO Group is reportedly owned by an American venture capital firm, Francisco Partners Management.
The ensuing investigation, a collaboration between researchers from Citizen Lab and from Lookout Security, determined that the links led to a chain of zero-day exploits (zero-days) that would have remotely jailbroken Mansoors stock iPhone 6 and installed sophisticated spyware. We are calling this exploit chain Trident. Once infected, Mansoors phone would have become a digital spy in his pocket, capable of employing his iPhones camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements.
We are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign, making this a rare find.
Excerpt, Read more at the source: Citizen Lab.Org
12
posted on
08/25/2016 11:01:31 AM PDT
by
Swordmaker
(This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
To: DesertRhino
Tell you what , before you chime in again then get a grip and don’t tell me to STFU
13
posted on
08/25/2016 11:01:57 AM PDT
by
manc
( If they want so called marriage equality then they should support polygamy too.)
To: manc
STFU...hows that? You sure have an “in charge of the site” complex today.
14
posted on
08/25/2016 11:40:40 AM PDT
by
DesertRhino
(Dogs are man's best friend, and moslems hate dogs. Add that up....)
To: manc
There is no requirement for ‘Swordmaker’ nor anyone else to post where they stand politically. I’ve been here since Bob Dole was running for President and never heard of such a requirement, anyway.
15
posted on
08/25/2016 11:57:07 AM PDT
by
donozark
(My thoughts are not very deep. But they are of and inquisitive nature.)
To: DesertRhino
speaks you who piped up and butted in and then states STFU, do one and get off your high horse.
16
posted on
08/25/2016 12:25:54 PM PDT
by
manc
( If they want so called marriage equality then they should support polygamy too.)
To: donozark
No there is not, but when you see a poster always posting about Apple then it begs the question does he work for Apple and wants to promote it.
17
posted on
08/25/2016 12:27:01 PM PDT
by
manc
( If they want so called marriage equality then they should support polygamy too.)
To: Swordmaker
Thanks for the heads up. Done.
To: manc
but when you see a poster always posting about Apple then it begs the question does he work for Apple and wants to promote it. Get a grip. There is no reason an Apple employee could not sign up here and provide a free notification.
Swordmaker provides a *volunteer* free notification service. Perfectly fine here.
Why aren't you posting political stuff, instead of posting on an apple thread? Hmmmmmm?
To: manc; donozark
No there is not, but when you see a poster always posting about Apple then it begs the question does he work for Apple and wants to promote it. You've had that question answered multiple times on multiple threads, yet you keep trolling Apple themed threads to keep raising it over and over again. You are the one with the agenda.
20
posted on
08/25/2016 2:10:31 PM PDT
by
Swordmaker
(This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
Navigation: use the links below to view more comments.
first 1-20, 21-40, 41-51 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson