Apple rushed to release a new security update Thursday after system vulnerabilities were reported to the company following an attempted cyberattack on a human rights lawyer in the United Arab Emirates.
The Associated Press reported that Ahmed Mansoor received a suspicious text message earlier this month with a link promising information about torture in the United Arab Emirates’ prisons. Mansoor, who according to the AP, had previously been the target of “electronic eavesdropping,” was suspicious and didn’t click the link. Instead, the AP wrote:
He reported it to Citizen Lab, an internet watchdog, setting off a chain reaction that in two weeks exposed a secretive Israeli cyberespionage firm, defanged a powerful new piece of eavesdropping software and gave millions of iPhone users across the world an extra boost to their digital security.
According to a report from Citizen Lab, clicking on the suspicious link “would have remotely jailbroken Mansoor’s stock iPhone 6 and installed sophisticated spyware.” The mobile security firm Lookout partnered with Citizen Lab to examine the software. Lookout’s vice president of research Mike Murray told Motherboard that the simple, stealthy hack was “one of the most sophisticated pieces of cyberespionage software we’ve ever seen.”
The AP wrote that the spyware has been “valued at $1 million,” which amused Mansoor.
“If you would give me probably 10 percent of that,” he told the news service, “I would write the report about myself for you!”
That valuation is based on past bounties paid to ethical hackers who have exposed similar advanced vulnerabilities, Motherboard reported.
In their reports, Citizen Lab and Lookout identified an Israeli firm, NSO Group, as being behind the attack. The AP wrote:
In a statement released Thursday, which stopped short of acknowledging that the spyware was its own, the NSO Group said its mission was to provide “authorized governments with technology that helps them combat terror and crime.”
The company said it couldn’t comment on specific cases.
Along with the fix, Apple released a statement that it “doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.”
