Apple patches vulnerabilities used in military contractor spyware

Apple has patched a cocktail of three iPhone security vulnerabilities that allowed a U.S.-owned militarized-spyware company to help surveil foreign political dissidents.

{mosads}The University of Toronto’s Citizen Lab and Lookout, a vendor of mobile security products, announced the discovery of the complementary vulnerabilities in Apple’s iOS on Thursday. They have named the package of attacks “Trident.”

Trident would allow users to attack the operating system itself, something often called “jailbreaking.”

“We’ve never seen a remote jailbreak vulnerability in the wild before,” Lookout representative Heather MacKinnon said.

As is common with security research, the team delayed announcing the vulnerabilities until after Apple patched it.  Apple fixed the problems less than 10 days after it was contacted, an extremely fast response time.

“[Our lab has] never seen a vendor react so quickly,” said MacKinnon.

The researchers are saying the Israeli cellphone surveillance vendor NSO used Trident to implant its Pegasus software on iPhones. NSO is owned by the American Francisco Partners Management. 

Citizen Lab is well known for its work investigating surveillance software being used against political targets. Citizen Lab brought in Lookout to assist in an investigation of suspicious links originally sent to Ahmed Mansoor, a well known UAE human rights activist. Citizen Lab linked the spyware to NSO through domain names utilized in the attack. 

Mansoor has been the victim or similar attacks in the past. In 2011, Citizen Lab found spyware from British military contractor Gamma on his machines. In 2012, the Lab found spyware from Italian contractor Hacking Team. 

Apple released a patch Thursday for current cellphones using iOS, one Lookout advises iPhone owners to install. 

“Immediately, everyone needs to update their iPhone,” said MacKinnon.