Apple Patches Safari, OS X Flaws to Prevent Snooping
http://cyberparse.co.uk/2016/09/02/apple-patches-safari-os-x-flaws-to-prevent-snooping/
September 2, 2016
The fix comes a week after Cupertino patched a similar iOS vulnerability. Apple on Thursday fixed critical vulnerabilities in its desktop Safari browser and the OS X operating system. The security update comes after Cupertino last week patched a serious iOS flaw that let malware spy on a users’ phone calls and text messages. But Safari’s mobile and desktop versions share the same codebase, making Mac users vulnerable, as well. According to Apple’s advisory, the Safari 9.1.3 bug could allow a hacker to execute arbitrary code on an unsuspecting victim’s Mac by tricking the person into visiting “a maliciously crafted website.” Hackers employed the same technique recently when they tried to infiltrate human rights activist Ahmed Mansoor’s iPhone. The prominent advocate reportedly received a text message from a “cyber war” company with a link to malware that would have jailbroken his handset and installed surveillance software. The exploit, according to research group Citizen Lab, is connected to NSO Group, an Israeli company best known for selling a government-exclusive “lawful intercept” spyware product called Pegasus. If Mansoor had activated the malware, it would have allowed NSO access to the phone’s camera, microphone, and GPS. “Not only could NSO infect iPhones at the touch of a link, but it seems that the vulnerabilities they were exploiting could be weaponized to target many different platforms,” Citizen Lab researcher Bill Marczak told Motherboard. Citizen Lab did not immediately respond to PCMag’s request for comment. Apple last week released the latest version of iOS, 9.3.5, which fixes the aforementioned issues. The update includes two improvements to how iOS devices access memory, as well as a patch that prevents visits to malware-laden websites.