Citizen Lab researchers clicked on the link from their own iPhone, and observed a software download from the site. They shared the information with Lookout. “Both research teams determined that Mansoor was targeted with a zero-day iPhone remote jailbreak,” Citizen Lab writes. “The attack on Mansoor appears to have used Pegasus, a remote monitoring solution sold by NSO Group Technologies Ltd.”
“Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” Citizen Lab says in its report.
Citizen Lab and Lookout reported the vulnerabilities to Apple and timed release of their reports with Apple’s release of the patches contained in iOS 9.3.5.
Sign up for CIO Asia eNewsletters.