Lorenzo Franceschi-Bicchierai, writing for Motherboard:
This is the first time that anyone has uncovered such an attack in the wild. Until this month, no one had seen an attempted spyware infection leveraging three unknown bugs, or zero-days, in the iPhone. The tools and technology needed for such an attack, which is essentially a remote jailbreak of the iPhone, can be worth as much as one million dollars. After the researchers alerted Apple, the company worked quickly to fix them in an update released on Thursday.
The question is, who was behind the attack and what did they use to pull it off?
It appears that the company that provided the spyware and the zero-day exploits to the hackers targeting Mansoor is a little-known Israeli surveillance vendor called NSO Group, which Lookout’s vice president of research Mike Murray labeled as “basically a cyber arms dealer.”
A great story from Motherboard that is equal parts fascinating and absolutely terrifying. The malware from NSO is able to effectively steal all the information on your phone, intercept every message and add backdoors to every method of communication on your phone. Evidence suggests that NSO has likely been able to hack iPhones since the iPhone 5.
The security researchers who first became aware of the security bugs notified Apple about 10 days ago, and Apple today released iOS 9.3.5 which fixes the bugs. Suffice to say, you should immediately install the update onto your iOS devices.