Zero-day attack which deprives all information of iPhone just by stepping on link is found and can be taken by "iOS 9.3.5" application


ByFaris Algosaibi

I vulnerable the iPhone's iOS vulnerabilityZero-day attack, Revealed the presence of atrocious malware that deprives iPhone of full control just by stepping on the link. According to the researcher's findings, Apple has released an emergency patch instantly to deal with it.

Government Hackers Caught Using Unprecedented iPhone Spy Tool | Motherboard
https://motherboard.vice.com/read/government-hackers-iphone-hacking-jailbreak-nso-group?utm_source=mbtwitter


A researcher at Citizen Lab at the University of Toronto received a report from a human rights activist in the United Arab Emirates that he received a "suspicious message." The message says "About the unknown secret of torture being done in a prison in the Arab country", and a link leading to a page of some sort was written. A human rights activist's man previously used government spyware "commercial spyware"FinFisherIt was said that the link had not been checked ahead.

The research team of Citizen Lab analyzed this suspicious message that this attack was caused by malware that was undiscovered so far, which exploits the three vulnerabilities existing in Apple's iOS, and if you click the link, you can remotely access the iPhone There is a risk that Jailbreak (jailbreak) will be done and all information in the terminal will be accessed. These three vulnerabilities are unknown vulnerabilities that have never been reported until malware is discovered and if it is sold as commercial malware it is worth more than $ 1 million (about 100 million yen) It is estimated.

Motherboard believes that the possibility of Israeli surveillance software maker "NSO group" is high, although it is not clear what kind of organization was launching a zero day attack. NSO has long been known for selling commercial malware that can steal iPhone information. Researchers at Citizen Lab have reported this problem to Apple and instantly released a security update for "iOS 9.3.5" that addresses this vulnerability. People who have not yet updated need to be executed as soon as possible.

About the security content of iOS 9.3.5 - Apple support
https://support.apple.com/ja-jp/HT207107

in Mobile,   Security, Posted by darkhorse_log