Apple says it’s already patched ‘many’ Wikileaks iOS exploits

Less than 24 hours ago, Wikileaks published a large cache of documents detailing top secret CIA operations conducted by its Center for Cyber Intelligence. Included in the 8,761 documents and files, referred to as Vault 7, are references to zero-day exploits that were reportedly being used to track and control iPhones as well as Android phones and Samsung smart TVs.

While the authenticity of some of Wikileaks’ claims is still in question, Apple has confirmed that some of the threats towards its mobile operating system are very real. In a move to reassure customers, the company issued a statement noting that it has already taken steps to patch “many” of the 14 iOS vulnerabilities listed and is working to “rapidly address” the rest.

An Apple spokesperson told TechCrunch: “Apple is deeply committed to safeguarding our customers’ privacy and security. The technology built into today’s iPhone represents the best data security available to consumers, and we’re constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates.”

Apple hasn’t specified which exploits it has patched or when it expects the remainder to be fixed, but the statement does stress the importance of keeping your devices updated. Apple has reiterated time and again that it values the privacy of its customers, so it’s likely that upcoming software updates could be expedited to ensure iPhone and iPad users are protected.

Source: TechCrunch

Engadget RSS Feed

Apple patches three zero-day exploits after activist is hacked

Apple has rolled out a patch for three previously unknown zero-day exploits that were used to hack into the iPhone 6 of Ahmed Mansoor, an award-winning human rights activist based in the United Arab Emirates. Security company Lookout and internet watchdog group Citizen Lab investigated the attack on Mansoor’s iPhone and found it to be the product of NSO Group, a “cyber war” organization based in Israel that’s responsible for distributing a powerful, government-exclusive spyware product called Pegasus.

The hack took advantage of three zero-day exploits that allowed the attackers to jailbreak Mansoor’s iPhone and install spyware to track his movements, record his WhatsApp and Viber calls, log his messages and access his microphone and camera. Given the high cost of iPhone zero-days and the use of a government-specific spyware product, Citizen Lab believes the UAE is behind the hack. The UAE has previously targeted Mansoor.

“We are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign, making this a rare find,” Citizen Lab writes.

Once Citizen Lab discovered the zero-days, it contacted Apple and says the company responded promptly. Apple released a software update today, iOS 9.3.5, that addresses the three flaws.

Source: Citizen Lab, Apple, Lookout
