Apple Fixes Three Zero Days Used In Targeted Attack

Trailrunner7 quotes a report from On The Wire: Apple has patched three critical vulnerabilities in iOS that were identified when an attacker targeted a human rights activist in the UAE with an exploit chain that used the bugs to attempt to remotely jailbreak and infect his iPhone. The vulnerabilities include two kernel flaws and one in WebKit and Apple released iOS 9.3.5 to fix them.

The attack that set off the investigation into the vulnerabilities targeted Ahmed Mansoor, an activist living in the UAE. Earlier this month, he received a text message that included a link to what was supposedly new information on human rights abuses. Suspicious, Manor forwarded the link to researchers at the University of Toronto's Citizen Lab, who recognized what they were looking at. "On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising ;new secrets' about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based 'cyber war' company that sells Pegasus, a government-exclusive "lawful intercept" spyware product," Citizen Lab said in a new report on the attack and iOS flaws.

Re:Apple Fights a Loosing Battle

How do you confuse lose and loose? You made a very fine comment, but undid it all with that mistake. -1

Re:How many can get updates from carriers!?

[TigerPlish]

Few. Any. Time. Soon. Give. It. Up.

That's not how iOS works. The carriers just carry. Apple provides the update -- to the user's device. The carrier has no say in it at all.

Or, are you implying that the carriers will refuse to carry the update? That would be selective blocking / filtering, and once that story breaks, well, it'll be pitchforks and torches against those carriers.

And, to cover any misunderstandings, if the phone has no carrier, it cannot transmit, either.

So... what was your point, again?

Re:How many can get updates from carriers!?

[ArtemaOne]

Not for iOS. Is this an Android "feature"?

Re: iOS sucks!

[angel'o'sphere]

I only was once in an apple store, but it was an amazing experience.

That was in Paris close to the Louvre, I forgot my iPad charger at home, so I bought a new Charger and a canle.

While I was looking through the different chargers and picked what I wanted a lady approached me and aksed if she could help me, and I said, no I have all I want.

So she said "ah, oki, want to pay in cash or with card?" So I replied "with card", and she said: then you can pay right away here (without me needing to go to the cashier)

So she took out her iPhone 4, made a photo of my credit card, and asked a seond later: "you have this email adress?"

"Yes?"

"Do you want a bill as PDF to that eMail address?"

"Yes!"

"And this is credit card is keyed to your iTunes Account?"

"Yes?"

"Do you want to be billed via the iTunes Account?"

"Yes!"

Actually I should have asked her when she finishes working ... she was about my age but typical french, strict hair in a bunny, dark skin and hair, in a small black dress. Likely with ancestors from north africa.

Annyway, I avoided the queue at the cashier, payed where I was standing, got a 'real bill' via email ...

The shop was full with 'servants' like that, probably 30 - 40 people serving customers. In france it is typical that shops have a bit more 'clerks' or workers than in germany ... but that topped every thing I ever have seen before.

Of course there was a chill out area, with free WiFi etc. too ...