Apple's iOS 9.3.5 fixes critical flaws which let hackers install spyware in iPhones

A serious loophole in Apple's iOS operating system nearly compromised an iPhone, but has since been fixed after Apple was alerted by security firms.

Human rights lawyer Ahmed Mansoor recently received two unsolicited texts on his iPhone and researchers determined those texts were a way to install spyware on his iPhone.


The unsolicited texts sent to Ahmed Mansoor asked him to click on a link so that he could learn about prisoners being tortured inside jails in the United Arab Emirates. Rather than falling for the bait, he alerted security firms Citizen Lab and Lookout. The two security firms determined that the texts were sent by a cyber-war company named NSO Group and that the links inside the texts carried spyware. Had Mansoor clicked on these links, hackers would have been able to remotely access his device.

"Once infected, Mansoor's phone would have become a digital spy in his pocket, capable of employing his iPhone's camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements," said Citizen Lab to the BBC.

The two security firms found that hackers could get into Mansoor's iPhone by exploiting as many as three unknown flaws in Apple's code. They reported the threat to Apple, and the company released a software update named iOS 9.3.5 within ten days to fix the flaws.

Apple's iOS and OS X contain deep security flaws, say researchers

This isn't the first time that security flaws in Apple's iOS operating system have been reported. Last year, a team of researchers highlighted several weaknesses in Apple's cross-app resource sharing design and communication mechanisms on both the iOS and OS X platforms, which a hacker could exploit to bypass security checks in the App Store and steal passwords from installed apps. The security flaw could expose sensitive information stored inside the iOS and OS X ecosystems, such as iCloud tokens and passwords, mail app passwords and passwords stored by Google Chrome.

A number of hackers have also attempted to trick iOS users into handing over their bank account details and other personal information. In May, celebrity comedian Jack Dee and former cricketer Matt Prior were among a large number of iPhone users who received deceptive text messages asking them to enter their account details on a website to ensure that their iCloud accounts did not get deactivated.

"'Phishers' create elaborate websites that look similar to iTunes, but their sole purpose is to collect your account information. Often, a fake email will ask you to click on a link and visit one of these phishing websites to 'update your account information,'" said Apple on its website.

"In general, all account-related activities will take place in the iTunes application directly, not through a web browser. If you are asked to update your account information, make sure that you do so only in iTunes or on a legitimate page on, such as the online Apple Store," the company added.

Source: BBC
