A little iPhone history was made this month — an iOS device was infected by just clicking on a link.
This sort of attack had previously only worked on devices where the owner had purposely installed a “jailbreak” hack.
So before you do anything — even read the rest of this post — you should update your iOS software to the latest version of iOS 9, or iOS 10 beta, which has some nice new privacy features.
Here’s how this historic attack happened, according to The Verge:
Earlier this month, an Emirati human rights activist named Ahmed Mansoor got a suspicious text. It promised new details of torture in the country’s state prisons, along with a link to follow if he was interested. If Mansoor had followed the link, it would have jailbroken his phone on the spot and implanted it with malware, capable of logging encrypted messages, activating the microphone and secretly tracking its movements.
Think about what goes into a real APT.
“They do reconnaissance properly and understand what the victim is susceptible to. They have good timing and only create visible noise when it suits their interest,” he told us. “And they have a plan B ready in case someone starts snooping their activities.”
Here, the most exploitable iPhone vulnerability ever known has now been exposed and patched — for what?
It’s a bit baffling to Erka, who compares it to throwing “expensive exploits at this guy like kids throwing rocks.”
You just don’t see zero-day vulnerabilities like this — especially on what had been one of the more secure platforms available — that often.
This has some security researchers thinking:
Perverse incentives: Should I take up political activism so I get more interesting 0day sent my way? /me wonders
— halvarflake (@halvarflake) August 26, 2016
So, if you haven’t already, update now.
[Image by Sean MacEntee via Flickr]