Apple Releases iOS 9.3.5 After Major Security Exploits Uncovered

IMG 0440

Apple today released iOS 9.3.5, the latest update for its iOS 9 mobile operating system. The release comes almost a month after pushing out iOS 9.3.4 and just a few weeks before the latest upgrade iOS 10 will be released to the public. iOS 10 is currently in beta.

iOS 9.3.5 is available to all devices as an OTA update and since it is a security update, Apple recommends updating for all users.

The New York Times has one good argument on why you should upgrade:

Investigators discovered that a company called the NSO Group, an Israeli outfit that sells software that invisibly tracks a target’s mobile phone, was responsible for the intrusions. The NSO Group’s software can read text messages and emails and track calls and contacts. It can even record sounds, collect passwords and trace the whereabouts of the phone user.

There’s a Canadian link to the patch, as two researchers, Bill Marczak and John Scott Railton, at Citizen Lab at the University of Toronto’s Munk School of Global Affairs, and Lookout, a San Francisco mobile security company, discovered the exploits and told Apple immediately, after UAE activist Ahmed Mansoor was targeted and passed along the malware link. The iPhone maker released a fix in just ten days.

iOS 9.3.5 fixes that security flaw. You can read more about the security content of the latest software update here, while read more about NSO and how it tried to lure journalists to click on SMS links over at Motherboard, here.

The scariest part of this malware, which exploited three holes in iOS? They existed since iOS 7 and the iPhone 5, says Motherboard:

Moreover, the malware is programmed with settings that go all the way back to iOS 7, which indicates that NSO has likely been able to hack iPhone devices since the iPhone 5.

Lookout Vice President, Mike Murray, explains what the malware can do to iOS users:

“It basically steals all the information on your phone, it intercepts every call, it intercepts every text message, it steals all the emails, the contacts, the FaceTime calls. It also basically backdoors every communications mechanism you have on the phone,” Murray explained. “It steals all the information in the Gmail app, all the Facebook messages, all the Facebook information, your Facebook contacts, everything from Skype, WhatsApp, Viber, WeChat, Telegram—you name it.”

More reading on the subject matter below:

Stop what you’re doing and update iOS immediately, folks!

Technology enthusiast, rocker, biker and writer of iPhoneinCanada.ca. Follow me on Twitter or contact me via email: istvan@iphoneincanada.ca

  • jabohn

    Not to be picky, but the term “seeds” implies a test release to developers and beta testers, not a public release.

  • Thanks, we’ve clarified!

  • Quattro

    Although that can be a use of the term seeding, that is not what it means (or implies). The term means to gradually propagate a download to whoever it is intended, whether that’s a specific group, or a general mass.

  • jabohn

    However, Apple uses the term to mean a beta typically.

  • Quattro

    Nope… It seeds updates to the general public ALL the time. You ever see a new app update reported here, but it’s not available on your phone yet? … Seeding … Does your friend have an OS update but you haven’t received the notification yet? … Seeding.

  • jabohn

    Your comments make no sense. Apple even has a program that’s not available to the public and calls those releases Seed Builds. When the final update is released to the public Apple never calls it a seed. Regardless of the actual meaning, the article has already been changed to use the term more common to the general public.

  • Quattro

    It makes no sense to you because you are relying on what you “think” you know based on observation. My profession is in this area, therefore I known what I’m talking about.

    Like I said, Apple can use the term “seeding” just for beta’s and such if it wants, but assuming the term is used JUST for that purpose is incorrect.