Apple Fixes Three Zero Days Used In Targeted Attack

Trailrunner7 quotes a report from On The Wire: Apple has patched three critical vulnerabilities in iOS that were identified when an attacker targeted a human rights activist in the UAE with an exploit chain that used the bugs to attempt to remotely jailbreak and infect his iPhone. The vulnerabilities include two kernel flaws and one in WebKit and Apple released iOS 9.3.5 to fix them.

The attack that set off the investigation into the vulnerabilities targeted Ahmed Mansoor, an activist living in the UAE. Earlier this month, he received a text message that included a link to what was supposedly new information on human rights abuses. Suspicious, Manor forwarded the link to researchers at the University of Toronto's Citizen Lab, who recognized what they were looking at. "On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising ;new secrets' about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based 'cyber war' company that sells Pegasus, a government-exclusive "lawful intercept" spyware product," Citizen Lab said in a new report on the attack and iOS flaws.

iOS sucks!

Thank god I use android where such bug fixes will never make it to my phone.

Re: iOS sucks!

[macs4all]

Question: What kind of idiot would buy an Android-powered phone which isn't a Nexus phone?

So, what you're saying us that, kind of the supposed strengths of Android, "freedom to pick a phone from any one of several OEMs", actually cones down to "Only pick Nexus if you value Security".

Thank you for finally confirming that.

Re: iOS sucks!

[angel'o'sphere]

I only was once in an apple store, but it was an amazing experience.

That was in Paris close to the Louvre, I forgot my iPad charger at home, so I bought a new Charger and a canle.

While I was looking through the different chargers and picked what I wanted a lady approached me and aksed if she could help me, and I said, no I have all I want.

So she said "ah, oki, want to pay in cash or with card?" So I replied "with card", and she said: then you can pay right away here (without me needing to go to the cashier)

So she took out her iPhone 4, made a photo of my credit card, and asked a seond later: "you have this email adress?"

"Yes?"

"Do you want a bill as PDF to that eMail address?"

"Yes!"

"And this is credit card is keyed to your iTunes Account?"

"Yes?"

"Do you want to be billed via the iTunes Account?"

"Yes!"

Actually I should have asked her when she finishes working ... she was about my age but typical french, strict hair in a bunny, dark skin and hair, in a small black dress. Likely with ancestors from north africa.

Annyway, I avoided the queue at the cashier, payed where I was standing, got a 'real bill' via email ...

The shop was full with 'servants' like that, probably 30 - 40 people serving customers. In france it is typical that shops have a bit more 'clerks' or workers than in germany ... but that topped every thing I ever have seen before.

Of course there was a chill out area, with free WiFi etc. too ...

Re: iOS sucks!

[CODiNE]

Never read your post. Still haven't. That could explain this.

Re:Apple Fights a Loosing Battle

How do you confuse lose and loose? You made a very fine comment, but undid it all with that mistake. -1

Re:How many can get updates from carriers!?

[ArtemaOne]

What updates does one need from a carrier? They have nothing to do with the operating system.

Re:How many can get updates from carriers!?

[TigerPlish]

Few. Any. Time. Soon. Give. It. Up.

That's not how iOS works. The carriers just carry. Apple provides the update -- to the user's device. The carrier has no say in it at all.

Or, are you implying that the carriers will refuse to carry the update? That would be selective blocking / filtering, and once that story breaks, well, it'll be pitchforks and torches against those carriers.

And, to cover any misunderstandings, if the phone has no carrier, it cannot transmit, either.

So... what was your point, again?

Re:How many can get updates from carriers!?

[bloodhawk]

Carriers regularly act as gateways to updates that only permit approved updates (i.e. ones that don't cause their network issues). It is a pain in the arse but it is reality.

Re:How many can get updates from carriers!?

[burtosis]

And, to cover any misunderstandings, if the phone has no carrier, it cannot transmit, either.

So... what was your point, again?

You can use a iPhone with no carrier. I do all the time. You just use wifi enabled calling and sms. It's a lot cheaper, much less of a headache, and quite convienent for some people who nearly always have access wifi.

Re:How many can get updates from carriers!?

[ArtemaOne]

Not for iOS. Is this an Android "feature"?

Re:How many can get updates from carriers!?

[allquixotic]

It's more about Apple strong-arming the carriers into an agreement where Apple can roll out any software they want to any iPhone at any time, WITHOUT the carriers' approval or testing, and even without allowing the carriers to inject their own software (bloatware) into the image.

All other smartphone vendors are, at least individually, not in a position of enough strength to try and tell Verizon, AT&T, Telstra, Orange, etc. that they don't get to make any software customizations or do their own testing. So therefore all Android phones' updates have to go through the carriers, but Apple updates don't.

Re: Safe?

[shitzu]

Well, the fact that an ios vulnerability is newsworthy and android one is not, should tell you which is safer.

Technical analysis

[BlackSabbath]

https://info.lookout.com/rs/05...

Re: Safe?

[shitzu]

You are talking about android specific forums, etc. I am talking about generel non-tech media. I stand by my statement.