The software update that Apple just released for every iPhone and iPad doesn’t activate any new features—but it does patch three enormous security holes that would allow a savvy hacker to access just about every corner of an iOS device.
If exploited correctly, those flaws allow an intruder unprecedented access to an iPhone. They allow attackers to read every email, text message, calendar item, and file saved on the device; peruse photos and videos; listen in on phone calls; track the device’s location; and remotely turn on its microphone and camera. The phone’s owner would have no idea that anything out of the ordinary was going on.
The vulnerability was discovered by security researchers at Lookout, a mobile software security company, and Citizen Lab, a technology-focused academic research center at the University of Toronto. The researchers there were tipped off by a human-rights activist in the United Arab Emirates, who forwarded a pair of suspicious-looking text messages he received earlier this month from an unknown number. When they examined the link included in the text, they found that it led to a site designed to infect phones with a very advanced virus. The discovery was first reported by Motherboard and The New York Times.