Rights lawyer raises alarm over undiscovered iOS vulnerabilities

Ahmed Mansoor contacted security researchers after receiving an SMS message with a link to allegedly “secret” information about torture in the United Arab Emirates (UAE).

Mr Mansoor is a prominent human rights defender in the UAE and has faced various cyber attacks in the past.

After reporting the link to security companies CitizenLab and Lookout, three new iOS security vulnerabilities were discovered.

If Mr Mansoor had clicked the link, software would have covertly installed itself on his phone - and would have given the attacker secret access to his phone camera, microphone, GPS and messages.

The flaws have been fixed in iOS 9.3.5 and CitizenLab has published a breakdown of the vulnerabilities to coincide with the security patch.

They point to the NSO Group, a “cyber war” company based in Israel, as the likely source of the technology.

In their analysis, they add: “The high cost of iPhone zero-days, the apparent use of NSO Group’s government-exclusive Pegasus product, and prior known targeting of Mansoor by the UAE government provide indicators that point to the UAE government as the likely operator behind the targeting.”

In a statement, Apple said: “We were made aware of this vulnerability and immediately fixed it with iOS 9.3.5.

“We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits.”