A hacking group exposed some nasty holes that Apple has patched with an emergency fix.
Over the past few days, Apple has released iOS 9.3.5, a point release to iOS 9.3 that patches vulnerabilities exploited by the Pegasus malware. Pegasus is a set of tools that is branded as “lawful intercept” spyware by the NSO Group and has been sold to some nation states for up to $1M USD. It could be used to remotely jailbreak iPhones and then use the device’s microphone to eavesdrop on suspected dissidents and its cameras to capture images of them.
iOS 9.3.5 was released to specifically thwart this malware.
Pegasus is highly sophisticated, silently installing itself via a link sent to an unsuspecting user by text message. Once installed, Pegasus can do more than just spy on you: it can also intercept cellular calls, FaceTime audio and video calls, text messages, email and more. The software has been nicknamed an attack “lookout.”
Security analysis firm Lookout indicates that Pegasus can take advantage of the following security weaknesses in iOS 9.x: