We don't normally cover minor releases of iOS, but we're making an exception today as a sort of public service announcement. Apple has released an urgent update for iOS, version 9.3.5, that contains fixes for three zero-day vulnerabilities. The issues comprise two kernel-level exploits and a WebKit vulnerability, and have been confirmed to be under active attack.
The security issues were collectively found by researchers from Citizen Lab (University of Toronto) and the Lookout security company. Apple's security team worked in tandem with the researchers and was "very responsive," releasing a combined fix for all three issues at once—CVE-2016-4655, CVE-2016-4656, and CVE-2016-4657. We recommend that owners of iPhones, iPads, and even iPod Touches run a system update immediately.
Researchers took to calling the set of vulnerabilities "Trident." According to Lookout, Trident is used by a spyware product called "Pegasus," which the researchers describe as "the most sophisticated attack [they've] ever seen on any endpoint." Although an attack begins with ye olde phishing text message or e-mail, the vulnerabilities allow the criminals complete access to the victim's phone and data without the victim being any the wiser. The researchers also believe that the exploits have been in the wild for quite a while—possibly ever since the release of iOS 7 back in September 2013.
Citizen Lab says that Pegasus was developed by an organization called NSO Group that reportedly specializes in "cyber war" and was acquired by Francisco Partners Management in 2010. The Trident vulnerabilities were apparently used to target Ahmed Mansoor, a human rights activist. Lookout also claims the Pegasus software package is used for "high-level corporate espionage" across iOS, Android, and BlackBerry devices.