On August 26, 2016, security researchers announced that spyware is being sold to governments that exploits Apple iOS vulnerabilities. The spyware, called "Pegasus" by researchers, allows access to data and activity on infected devices, including voice calls, emails, messages, keystrokes, audio and video, and contacts, along with other information. Pegasus is installed when the victim clicks a link sent in an SMS message. Yesterday Apple released iOS version 9.3.5, which patches three vulnerabilities it collectively refers to as "Trident" that can be exploited by Pegasus.
For more information, see http://arstechnica.com/security/2016/08/actively-exploited-ios-flaws-that-hijack-iphones-likely-spread-for-years/.
Affected Apple Devices
Pegasus can infect all Apple devices running iOS 9 versions, including:
- iPhone 4S and later
- iPad 2 and later
- All iPad minis and iPad Pros
- iPod Touch, 5th generation and 6th generation
ACA Aponix Guidance
We recommend taking the following precautions to protect your iOS devices and your data:
- Install the latest iOS software update on all of your iOS devices immediately.
- Install all future iOS updates as soon as they become available.
- Exercise caution when clicking links, and never click unknown links or links from unknown senders.
If you have any questions, please contact your ACA Aponix consultant or email us at firstname.lastname@example.org.