Apple Fixes Three Zero Days Used In Targeted Attack

Trailrunner7 quotes a report from On The Wire: Apple has patched three critical vulnerabilities in iOS that were identified when an attacker targeted a human rights activist in the UAE with an exploit chain that used the bugs to attempt to remotely jailbreak and infect his iPhone. The vulnerabilities include two kernel flaws and one in WebKit and Apple released iOS 9.3.5 to fix them.

The attack that set off the investigation into the vulnerabilities targeted Ahmed Mansoor, an activist living in the UAE. Earlier this month, he received a text message that included a link to what was supposedly new information on human rights abuses. Suspicious, Manor forwarded the link to researchers at the University of Toronto's Citizen Lab, who recognized what they were looking at. "On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising ;new secrets' about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based 'cyber war' company that sells Pegasus, a government-exclusive "lawful intercept" spyware product," Citizen Lab said in a new report on the attack and iOS flaws.

Re:How many can get updates from carriers!?

[burtosis]

And, to cover any misunderstandings, if the phone has no carrier, it cannot transmit, either.

So... what was your point, again?

You can use a iPhone with no carrier. I do all the time. You just use wifi enabled calling and sms. It's a lot cheaper, much less of a headache, and quite convienent for some people who nearly always have access wifi.

Re: Safe?

[shitzu]

Well, the fact that an ios vulnerability is newsworthy and android one is not, should tell you which is safer.