Apple fixes serious security flaw after UAE dissident’s iPhone targeted

By Joseph Menn

SAN FRANCISCO (Reuters) – Apple Inc issued a patch on Thursday to fix a dangerous security hole in iPhones and iPads after researchers discovered that a prominent United Arab Emirates dissident’s phone had been targeted with a previously unknown method of hacking.

The attack on the dissident, Ahmed Mansoor, used a text message that invited him to click on a web link. Instead of clicking, he forwarded the message to researchers at the University of Toronto’s Citizen Lab.

Experts there worked with security company Lookout and determined that the link would have installed a program taking advantage of a flaw that Apple and others were not aware of. The researchers disclosed their findings on Thursday.

The researchers said that they had alerted Apple, which developed a fix and distributed it as an automatic update to iPhone 6 owners.

Apple spokesman Fred Sainz confirmed that the company had issued the patch after being contacted by researchers about the issue.

The Citizen Lab team attributed the attack software to a private seller of monitoring systems, NSO Group, an Israeli company that makes software for governments which can secretly target a user’s mobile phone and gather information from it. Such tools, known as remote exploits, cost as much as $1 million.

An attack on a fully patched, current-model iPhone 6 had not been detected before, though they had been considered possible for major governments, which generally have more surveillance resources at their disposal.

(Reporting by Joseph Menn; Editing by Peter Henderson and Bill Rigby)