Apple has released iOS 9.3.5 update for iPhones and iPads to patch three zero-day security vulnerabilities. This happenned after finding a piece of spyware targeting the iPhone of a renowned UAE human rights defender, Ahmed Mansoor.
One of the world’s most invasive software weapon distributors is the NSO Group. They have been exploiting three zero-day security vulnerabilities in order to spy on dissidents and journalists.
The NSO Group is an Israeli firm that sells spying and surveillance software that secretly tracks a target’s mobile phone. According to a blog post published by Lookout, the three zero-day flaws, dubbed “Trident” by the firm, involved:
- Firstly, a memory corruption vulnerability in WebKit that could allow hackers to exploit a device when a user clicks on a malicious link.
- Secondly, two kernel bugs (allowing device jailbreak) that an attacker secretly installs malware on victim’s device to carry out surveillance.
Apple released the patch update, iOS 9.3.5, on Thursday, and labeled it “important“. Hence, all users were advised to install the latest version of iOS as soon as possible to protect their devices against these potential security exploits.