Apple issued a patch on Thursday to fix a dangerous security flaw in iPhones and iPads that allows hackers to access your phone with just one tap. 

The company has also urged all of those who own an iPhone to upgrade to the latest version of iOS, which contains the necessary patch. And ignoring this request can be quite risky as one tap by the the hackers can give them full control of your phone. 

Source: Reuters

 

Here's how to do it:

  • Updates can be requested by heading to the iPhone’s setting app, clicking general and choosing security update. 
  • The phone will then retrieve and download the update itself.
  • Protected phones should be running iOS 9.3.5, the latest version of the software.

The issue came to light after researchers discovered that a prominent United Arab Emirates dissident’s phone had been targeted with a previously unknown method of hacking. 

The thwarted attack on the human rights activist, Ahmed Mansoor, used a text message that invited him to click on a web link. Instead of clicking, he forwarded the message to researchers at the University of Toronto’s Citizen Lab.

The hack is the first known case of software that can remotely take over a fully up-to-date iPhone 6.

“We are not aware of any previous instance of an iPhone remote jailbreak used ‘in the wild’ as part of a targeted attack campaign, making this a rare find,” the company said in a statement.

Source: Reuters

 

Experts at Citizen Lab worked with security company Lookout and determined that the link would have installed a program taking advantage of three flaws that Apple and others were not aware of. 

“Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” Citizen Lab wrote in a report released Thursday.

The researchers said they had alerted Apple a week and a half ago, and the company developed a fix and distributed it as an automatic update to iPhone 6 owners.

Source: Reuters

 

Who is behind this?

The Citizen Lab team attributed the attack software to a private seller of monitoring systems, NSO Group, an Israeli company that makes software for governments which can secretly target mobile phones and gather information.  Tools such as that used in this case, a remote exploit for a current iPhone, cost as much as $1 million.

But thankfully the bug has been fixed and all you need to do is not ignore the update messages and upgrade your phone to avoid any unwanted spying.

(With inputs from Reuters)