Skip to main content

Update your iOS device to 9.3.5 as it fixes serious security vulnerabilities

apple ios 935 update os updates
Image used with permission by copyright holder
Got a notification to update your iOS device to 9.3.5? You really shouldn’t wait to install it — the new version fixes three security vulnerabilities that were actively exploited by an Israel-based company in an episode likely involving the UAE government and a spy operation.

The NSO Group sells surveillance software that utilizes three zero-day vulnerabilities in iOS — it’s something that rarely happens in the wild, according to the team of researchers that reported the flaws to Apple. “Zero days” means the flaws were previously unknown, and a company had no time, or “zero days,” to fix them.

Recommended Videos

It all started with Ahmed Mansoor, a well-recognized human rights defender based in the United Arab Emirates. On August 10 and 11, Mansoor got an SMS on his iPhone “promising “new secrets” about detainees tortured in UAE jails if he clicked on an included link.

Please enable Javascript to view this content

Mansoor didn’t click the link — he sent it straight to Citizen Lab researchers housed in the University of Toronto. If Mansoor had followed the link, the exploit would have remotely jailbroken his iPhone 6, and installed spyware.

“Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” according to Citizen Labs’ report.

The team worked with researchers at Lookout Security and managed to track the exploit back to NSO Group, a “cyber-war” company that sells Pegasus, a government-exclusive “lawful intercept” spyware product. Oddly, NSO Group is owned by an American venture capital firm named Francisco Partners Management.

“The high cost of iPhone zero-days, the apparent use of NSO Group’s government-exclusive Pegasus product, and prior known targeting of Mansoor by the UAE government provide indicators that point to the UAE government as the likely operator behind the targeting,” the researchers write in the report.

Immediately after discovering Trident, Citizen Labs and Lookout Security notified Apple. The Cupertino company said it would address the vulnerabilities — and 10 days later, Apple patched them up in iOS 9.3.5. It’s likely the last update to iOS 9, as iOS 10 is likely to release soon.  

The exploit and patch come weeks after Apple announced its first bug bounty program, which is to begin as an invitation-only process with the company doling out rewards as high as $200,000 for discovered vulnerabilities.

The update is available to all devices running iOS 9 through an over-the-air update.

Julian Chokkattu
Former Digital Trends Contributor
Julian is the mobile and wearables editor at Digital Trends, covering smartphones, fitness trackers, smartwatches, and more…
iOS 18.2 is rolling out now with a ton of new Apple Intelligence features
Apple Intelligence on the Apple iPhone 16 Plus.

Apple has started the public rollout of iOS 18.2 and the corresponding iPadOS update, and they bring a handful of long-awaited features in its AI kit. The release notes are pretty exhaustive, and they reveal a few features that are minor improvements to the already available Apple Intelligence bundle.

The most notable addition is ChatGPT integration with Siri, which shifts things over to the OpenAI chatbot if Apple’s assistant can’t provide an answer. ChatGPT integration is also expanding within the Writing Tools set, thanks to the compose feature that lets users create fresh content and generate images.

Read more
I used a Wear OS smartwatch for the first time, and I love it
Someone wearing an Apple Watch Ultra and Pixel Watch 3 on different wrists.

Ever since the original Apple Watch, smartwatches as a whole have really taken off. Though Apple largely dominates the market, there are still plenty of non-Apple smartwatches to choose from.

I’ve been solely an Apple Watch user for the past decade, but I’ve been trying out a Google Pixel Watch 3 for the past couple of weeks. And, honestly, I kind of love it.
A round smartwatch is so much sleeker

Read more
Google Gemini arrives on iPhone as a native app
the Google extensions feature on iPhone

Google announced Thursday that it has released a new native Gemini app for iOS that will give iPhone users free, direct access to the chatbot without the need for a mobile web browser.

The Gemini mobile app has been available for Android since February, when the platform transitioned from the older Bard branding. However, iOS users could only access the AI on their phones through either the mobile Google app or via a web browser. This new app provides a more streamlined means of chatting with the bot as well as a host of new (to iOS) features.

Read more