
Update your iOS device to 9.3.5 as it fixes serious security vulnerabilities

Got a notification to update your iOS device to 9.3.5? You really shouldn’t wait to install it — the new version fixes three security vulnerabilities that were actively exploited by an Israel-based company in an episode likely involving the UAE government and a spy operation.

The NSO Group sells surveillance software that utilizes three zero-day vulnerabilities in iOS — it’s something that rarely happens in the wild, according to the team of researchers that reported the flaws to Apple. “Zero days” means the flaws were previously unknown, and a company had no time, or “zero days,” to fix them.

It all started with Ahmed Mansoor, a well-recognized human rights defender based in the United Arab Emirates. On August 10 and 11, Mansoor got an SMS on his iPhone promising “new secrets” about detainees tortured in UAE jails if he clicked on an included link.

Mansoor didn’t click the link — he sent it straight to Citizen Lab researchers housed in the University of Toronto. If Mansoor had followed the link, the exploit would have remotely jailbroken his iPhone 6, and installed spyware.

“Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” according to Citizen Lab’s report.

The team worked with researchers at Lookout Security and managed to track the exploit back to NSO Group, a “cyber-war” company that sells Pegasus, a government-exclusive “lawful intercept” spyware product. Oddly, NSO Group is owned by an American venture capital firm named Francisco Partners Management.

“The high cost of iPhone zero-days, the apparent use of NSO Group’s government-exclusive Pegasus product, and prior known targeting of Mansoor by the UAE government provide indicators that point to the UAE government as the likely operator behind the targeting,” the researchers write in the report.

Immediately after discovering the three vulnerabilities, which the researchers call Trident, Citizen Lab and Lookout Security notified Apple. The Cupertino company said it would address the vulnerabilities — and 10 days later, Apple patched them in iOS 9.3.5. It’s likely the last update to iOS 9, as iOS 10 is likely to be released soon.

The exploit and patch come weeks after Apple announced its first bug bounty program, which is to begin as an invitation-only process with the company doling out rewards as high as $200,000 for discovered vulnerabilities.

The update is available to all devices running iOS 9 through an over-the-air update.


Julian Chokkattu
Former Digital Trends Contributor
Julian is the mobile and wearables editor at Digital Trends, covering smartphones, fitness trackers, smartwatches, and more…