Update your iOS device to 9.3.5 as it fixes serious security vulnerabilities

By Julian Chokkattu August 25, 2016

apple ios 935 update os updates

Got a notification to update your iOS device to 9.3.5? You really shouldn’t wait to install it — the new version fixes three security vulnerabilities that were actively exploited by an Israel-based company in an episode likely involving the UAE government and a spy operation.

The NSO Group sells surveillance software that utilizes three zero-day vulnerabilities in iOS — it’s something that rarely happens in the wild, according to the team of researchers that reported the flaws to Apple. “Zero days” means the flaws were previously unknown, and a company had no time, or “zero days,” to fix them.

Recommended Videos

It all started with Ahmed Mansoor, a well-recognized human rights defender based in the United Arab Emirates. On August 10 and 11, Mansoor got an SMS on his iPhone “promising “new secrets” about detainees tortured in UAE jails if he clicked on an included link.

Mansoor didn’t click the link — he sent it straight to Citizen Lab researchers housed in the University of Toronto. If Mansoor had followed the link, the exploit would have remotely jailbroken his iPhone 6, and installed spyware.

“Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” according to Citizen Labs’ report.

The team worked with researchers at Lookout Security and managed to track the exploit back to NSO Group, a “cyber-war” company that sells Pegasus, a government-exclusive “lawful intercept” spyware product. Oddly, NSO Group is owned by an American venture capital firm named Francisco Partners Management.

“The high cost of iPhone zero-days, the apparent use of NSO Group’s government-exclusive Pegasus product, and prior known targeting of Mansoor by the UAE government provide indicators that point to the UAE government as the likely operator behind the targeting,” the researchers write in the report.

Immediately after discovering Trident, Citizen Labs and Lookout Security notified Apple. The Cupertino company said it would address the vulnerabilities — and 10 days later, Apple patched them up in iOS 9.3.5. It’s likely the last update to iOS 9, as iOS 10 is likely to release soon.

The exploit and patch come weeks after Apple announced its first bug bounty program, which is to begin as an invitation-only process with the company doling out rewards as high as $200,000 for discovered vulnerabilities.

The update is available to all devices running iOS 9 through an over-the-air update.

Topics

Julian Chokkattu

Former Digital Trends Contributor

Julian is the mobile and wearables editor at Digital Trends, covering smartphones, fitness trackers, smartwatches, and more…

Mobile

iOS 17 isn’t the iPhone update I was hoping for

iMessage stickers in iOS 17

Apple gave us a jam-packed WWDC 2023 keynote, and it was one of the most significant ones in years. After all, it introduced a brand new product category for Apple with the Vision Pro mixed reality headset. It’s basically as significant as when Steve Jobs revealed the iPhone in 2007, then the iPad in 2010, and when Tim Cook showed off the Apple Watch in 2014.

But the headset isn’t the only thing we got in the WWDC keynote. Since it’s a developer conference, it’s also about the software for all of our devices. This includes iOS 17 for the iPhone, along with iPadOS 17, watchOS 10, and macOS 14 Sonoma.

Mobile

iOS 17’s coolest new feature is horrible news for Android users

iOS 17 contact posters

At the end of 2022, Google implored Apple to “get the message” and end the green-versus-blue bubble controversy by adopting RCS messaging. Apple’s response eventually came at WWDC 2023, where it introduced a new iOS 17 feature called Contact Posters, which instead of bringing everyone together, only furthers the us-versus-them split between Android and iOS.

If you thought the green/blue iMessage arguments could get fiery, there’s a lot more to come.
Blue good, green bad

Mobile

Everything Apple didn’t add to iOS 17

Apple’s WWDC 2023 keynote has come and gone, and with it came one of the biggest new announcements in years: Apple Vision Pro, which is Apple’s first foray into the VR/AR headset space. Of course, we also got software updates for existing products that we already have right now, including iOS 17 for the iPhone.

Before WWDC 2023 kicked off, there were a lot of rumors and speculation revolving around iOS 17 and what we would end up seeing —with the possibility of some “highly requested features from users.” Now that it’s been announced, it’s actually not as exciting as we thought, and some of the features that did get announced weren’t leaked.