If you have an iPhone, you need to download the latest iOS update right now. Apple released the “important security update” in response to an active malware threat that can be used to read texts and email, record calls (including WhatsApp and Viber calls), track your location and turn on your phone’s camera and microphone. If that sounds terrifyingly invasive, that’s because it is.
The threat, dubbed “Trident” by mobile security firm Lookout, exploits three zero-day vulnerabilities in iOS 9 to form an “attack chain” that can break through Apple’s (relatively) secure platform. According to University of Toronto’s Citizen Lab, Trident is used in a spyware product developed by Israel-based “cyber war” company NSO Group (which is reportedly owned by an American venture capital firm).
Citizen Lab and Lookout became aware of the issue when links containing the Trident exploit and the spyware were sent to Ahmed Mansoor, a human rights defender based in the United Arab Emirates. Mansoor did not click on the links and instead forwarded the emails to Citizen Lab, but had he clicked on the links, his phone would have been remotely jailbroken and invaded by NSO Group’s “government-exclusive” spyware. Upon confirming the zero-day iOS vulnerabilities, Citizen Lab and Lookout notified Apple — and now Apple has released a fix.