Apple is issuing a security update to fix three previously undisclosed weaknesses that could allow hackers to crack security on the company's products.


The weaknesses were disclosed by reports published Thursday by the Toronto-based Citizen Lab and mobile security firm Lookout. The organizations found that a human rights activist from the United Arab Emirates, 46-year-old Ahmed Mansoor, had been targeted using the flaws.

Mansoor, who has also been targeted by governments using spyware products developed by firms FinFisher and Hacking Team, reported receiving a text message containing a hyperlink that promised "New secrets about torture of Emiratis in state prisons."

Instead of opening the link, Mansoor forwarded the message to Citizen Lab. Researchers discovered that opening it would have allowed the perpetrator to take full control of Mansoor's device using three software flaws.

Related Story: http://www.washingtonexaminer.com/article/2583581
Researchers said the author of the malware appeared to an Israeli surveillance vendor called NSO. The firm has a reputation for engaging in "black hat" activity, meaning it sells vulnerabilities and hacking tools to governments and criminal elements alike.

The FBI this year bought a method of cracking into older iPhones from an unknown vendor or vendors for more than $1 million. Reports indicated they could have included black hat hackers in addition to an Israeli firm called Cellebrite. After information about NSA hacking tools came out in an online leak this month, cybersecurity experts have speculated about the possibility that a fairly broad range of actors could now have access to the same tools used by the federal agencies.

Apple also paid $1 million to someone who sold information to the company about another flaw, and has increasingly sought to find more through so-called "bug bounty" programs.