Skip to main content

Update your iOS device to 9.3.5 as it fixes serious security vulnerabilities

Got a notification to update your iOS device to 9.3.5? You really shouldn’t wait to install it — the new version fixes three security vulnerabilities that were actively exploited by an Israel-based company in an episode likely involving the UAE government and a spy operation.

The NSO Group sells surveillance software that utilizes three zero-day vulnerabilities in iOS — it’s something that rarely happens in the wild, according to the team of researchers that reported the flaws to Apple. “Zero days” means the flaws were previously unknown, and a company had no time, or “zero days,” to fix them.

Recommended Videos

It all started with Ahmed Mansoor, a well-recognized human rights defender based in the United Arab Emirates. On August 10 and 11, Mansoor got an SMS on his iPhone “promising “new secrets” about detainees tortured in UAE jails if he clicked on an included link.

Mansoor didn’t click the link — he sent it straight to Citizen Lab researchers housed in the University of Toronto. If Mansoor had followed the link, the exploit would have remotely jailbroken his iPhone 6, and installed spyware.

“Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” according to Citizen Labs’ report.

The team worked with researchers at Lookout Security and managed to track the exploit back to NSO Group, a “cyber-war” company that sells Pegasus, a government-exclusive “lawful intercept” spyware product. Oddly, NSO Group is owned by an American venture capital firm named Francisco Partners Management.

“The high cost of iPhone zero-days, the apparent use of NSO Group’s government-exclusive Pegasus product, and prior known targeting of Mansoor by the UAE government provide indicators that point to the UAE government as the likely operator behind the targeting,” the researchers write in the report.

Immediately after discovering Trident, Citizen Labs and Lookout Security notified Apple. The Cupertino company said it would address the vulnerabilities — and 10 days later, Apple patched them up in iOS 9.3.5. It’s likely the last update to iOS 9, as iOS 10 is likely to release soon.  

The exploit and patch come weeks after Apple announced its first bug bounty program, which is to begin as an invitation-only process with the company doling out rewards as high as $200,000 for discovered vulnerabilities.

The update is available to all devices running iOS 9 through an over-the-air update.

Julian Chokkattu
Former Mobile and Wearables Editor
Julian is the mobile and wearables editor at Digital Trends, covering smartphones, fitness trackers, smartwatches, and more…
5 rumored iOS 26 features we could see at WWDC 2025
An iPhone 16 laying on a shelf with its screen on.

Apple’s upcoming WWDC 2025 showcase is going to be a busy one, even though the expected AI-powered software rebirth may not land until next year. In the meantime, reliable sources have spilled the beans on what we might expect for the next major iOS overhaul. 

Starting with the name, Apple could skip iOS 19 and could go straight from v18 to v26. We are also expecting a design overhaul, something that could draw inspiration from Vision OS. On the functional side, an AI health coach would be a huge draw for fitness enthusiasts. 

Read more
Why you shouldn’t care what number Apple puts on your iPhone’s software
The Apple iPhone 16 Pro Max's screen.

One number may change to another number at an important industry event on June 9, and despite some of the headlines that have been circulating around the news, this succinct explanation of what may happen allows you to guage its real importance. Apparently, Apple may use the WWDC 2025 keynote presentation to announce a change from the expected iOS 19 software’s name to iOS 26, and here’s why you shouldn’t worry about it. 

Many people won’t even know

Read more
iOS 19 isn’t coming this fall … because Apple is calling it something else
The back of the Apple iPhone 16 Pro Max.

Apple will unveil the latest version of the iPhone operating system at WWDC next month, but apparently it won’t be “iOS 19.”

The tech giant is going to shake up the naming system for iOS, with the next version set to be called iOS 26, according to a Bloomberg report by prominent Apple tipster Mark Gurman on Wednesday.

Read more