Got an iPhone? Then you should update it to the latest version of iOS right away: iOS 9.3.5, which was released by Apple Thursday, closes three critical security vulnerabilities that were used by a foreign government in an attempt to spy on a dissident.
Pro-democracy activist Ahmed Mansoor, who has in the past been targeted for his work against human rights violations in the United Arab Emirates, received two suspicious text messages this week. Instead of opening them, he got in contact with security researchers, who were able to confirm his suspicions. The text messages in question would have installed malware on his phone that would have made it possible for outsiders to monitor his communication, download data from his phone and remotely control the device.
The malware, dubbed Pegasus, is being sold by a secretive Israeli surveillance technology company called NSO Group, which sells its software to foreign governments — ostensibly to fight crimes, but Mansoor’s case shows that malware like Pegasus can quickly target the innocent as well.
That’s why mobile security company Lookout has now added Pegasus to the known threats its iOS security software is scanning for. Individuals or companies can use Lookout’s software to check their own devices for the presence of Pegasus, and the company has published detailed instructions on how to do so online.
However, even users who had previously installed Lookout on their phone are advised to still update their iOS operating system. After all, others may have discovered the vulnerabilities exploited by Pegasus as well, and may be using them for their own exploits.
That being said, Lookout does point out that it is unlikely for most people to have fallen victim to the malware. “Lookout believes the vast majority of users will not be impacted by Pegasus given the sophisticated, targeted nature of the attack,” the company wrote on its site.