If you have an iPhone, iPad or other iOS device you should should install the software update that Apple released today, which fixes a serious security vulnerability that was discovered after a Middle Eastern pro-democracy activist's phone was targeted with powerful spyware that exploits previously undisclosed weaknesses to allow hackers to take complete control over their victims' phones.
According to published reports, the attack on the dissident, Ahmed Mansoor , involved sending him a text message that invited him to click on a web link. Mansoor did not click the link, but instead forwarded the the message onto researchers at the University of Toronto's Citizen Lab.
According to the Reuters, the researchers worked with folks at mobile security firm, Lookout, and determined that had Mansoor clicked the link, his phone would have become infected with spyware that exploited three previously undisclosed vulnerabilities in iOS -- malware that would have let the as-of-yet-unknown attackers take complete control of his devices. The attackers would have been able to read his email, messages, calendars, and social media, capture his passwords, and record his calls -- all without him knowing.
Until you update your phone or tablet, you are at risk of the same.
(This episode should serve as a reminder not to click on unexpected links sent via email or text message. Malware that depends on people clicking links often sends messages that impersonate businesses or charities. Be vigilant.)
Researchers suspect that the powerful spyware was created by NSO Group, an allegedly mostly-American owned, Israeli provider of cyberweapons to various governments. What is not clear, however, is which government - if any - was using the malware to target Mansoor. (It should be noted that NSO Group has not admitted to having created the malware, but it did state that it provides " authorized governments with technology that helps them combat terror and crime. ")
Apple said today that it issued a fix for the vulnerabilities immediately after being informed about the problem.
So, make sure that you install the update, which is installed using the normal Software Update process. After the update, your device should show that you are using iOS 9.3.5.
Perhaps the bright side of this incident is the discovery of a potential step forward toward Middle East peace: Mansoor is presently in the United Arab Emirates, and banned from leaving; when it comes to spying on him, therefore, the UAE government is clearly the prime suspect. It seems possible, if not likely, therefore, that an Arab government that officially does not recognize the existence of the State of Israel was knowingly buying Israeli technology.