iPhone users are being urged to update their software as soon as possible to fix a dangerous security flaw that could allow hackers to secretly track a user’s data.
The flaw was discovered after prominent human rights activist Ahmed Mansoor was targeted with a malicious text message inviting him to click on a web link. Thankfully, Mansoor thought the message looked suspicious and forwarded it to security researchers.
Experts at the University of Toronto’s Citizen Lab – along with researchers at security company Lookout – found that if Mansoor had clicked on the link, it would have installed a very sophisticated spyware program that took advantage of three flaws in Apple’s software that the company was unaware of.
“Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” Citizen Lab wrote in a report released on Thursday.
What you need to know
The flaw effectively leaves you at risk of malicious web links, like the one mentioned in the report.
If you clicked on one of those links, hackers could install a program to spy on your text messages, phone calls, emails and even your phone’s camera.
The good news is, researchers alerted Apple to the security flaw quickly and Apple has already deployed a security update fixing those flaws.
That means all iPhone and even iPad users should update their software to iOS 9.3.5 immediately.
How to protect yourself
On your device, tap on “Settings,” then “General.”
Next, tap on “Software Update” and the iOS 9.3.5 update should automatically appear.
Then tap “Download and Install.”
Apple usually recommends that you back up your device before installing new software to ensure you don’t lose any data. If you have photos or data that you don’t want to risk losing, you should back up your phone to iCloud or plug it into a computer with iTunes before installing the update.
This case also serves as an important reminder not to open text messages, emails or web links that you think look suspicious – whether on your smartphone or your computer.
If you are using a computer, however, there is a way to check to see if a link is malicious.
Often attackers will use a legitimate web address in the hyperlinked text of the email, but once you click on the link it takes you to a malicious website.
But, if you hover your mouse over the link – without clicking on it – a small yellow box will appear showing the actual web address the link will take you to. If the link doesn’t match the hyperlinked text, it’s likely malicious.