iOS 9.3.5 fixes serious zero-day vulnerabilities

We don't normally cover minor releases of iOS, but we're making an exception today as a sort of public service announcement. Apple has released an urgent update for iOS, version 9.3.5, that contains fixes for three zero-day vulnerabilities. The issues comprise two kernel-level exploits and a WebKit vulnerability, and have been confirmed to be under active attack.

The security issues were collectively found by researchers from Citizen Lab (University of Toronto) and the Lookout security company. Apple's security team worked in tandem with the researchers and was "very responsive," releasing a combined fix for all three issues at once—CVE-2016-4655, CVE-2016-4656, and CVE-2016-4657. We recommend that owners of iPhones, iPads, and even iPod Touches run a system update immediately.

Researchers took to calling the set of vulnerabilities "Trident." According to Lookout, Trident is used by a spyware product called "Pegasus," which the researchers say comprises "the most sophisticated attack [they've] ever seen on any endpoint." Although an attack begins with ye olde phishing text message or e-mail, the vulnerabilities allow the criminals complete access to the victim's phone and data without the victim being any the wiser. The researchers also believe that the exploits have been in the wild for quite a while—possibly ever since the release of iOS 7 back in September 2013.

Citizen Lab says that Pegasus was developed by an organization called NSO Group that reportedly specializes in "cyber war" and was acquired by Francisco Partners Management in 2010. The Trident vulnerabilities were apparently used to target Ahmed Mansoor, a human rights activist. Lookout also claims the Pegasus software package is used for "high-level corporate espionage" across iOS, Android, and Blackberry devices.

Comments closed
    • moog
    • 3 years ago

    Windows Phone FTW!

      • tipoo
      • 3 years ago

      http://imgur.com/JqYTmjn

    • DarkUltra
    • 3 years ago

    Guys you’re not funny

    • tipoo
    • 3 years ago

    Wish updates like these were decoupled from the latest OS, i.e. iOS6/7 running perfectly on an A5 while even 9 never got back up to that speed.

    It’s better than the rest of the mobile industry, sure, but a step beyond would be providing security updates at least (and hopefully Safari updates) to previous OS versions if someone wants to or needs to hang back.

      • ClickClick5
      • 3 years ago

      No. You will feed the Apple. FEED IT YOUR MONEY! UPGRADE EVERYTHING NOW!!!

      • adisor19
      • 3 years ago

      What are you talking about?! A5 runs perfectly on iOS 9. The old as heck iPad 2 runs iOS 9.

      Adi

        • tipoo
        • 3 years ago

        I see multi second delays just opening a new tab with no other tabs open, going to the multitab view, half second hesitations just opening the multitasker, seconds to generate icons in the settings panel…It was rather smooth when it shipped with iOS6 (or did it ship with 5?)

        When I said never got back up there I meant back to the speed of 6 and late 7, not that it never got the OS.

          • blastdoor
          • 3 years ago

          I also feel that my iPad Air is running a bit pokey under iOS 9 compared to when it was new. It’s definitely disappointing. I’m not so conspiratorial as to believe that Apple is intentionally slowing down old devices, but I do suspect that they just aren’t trying very hard to optimize for older devices.

    • blastdoor
    • 3 years ago

    Yikes!

    Update installed.

    I sure am glad that I’m one of the lucky 100% of iOS 9 users who is able to download this patch….

      • LostCat
      • 3 years ago

      Smartass…
      hahaha

      • trackerben
      • 3 years ago

      Phew! And onto every lucky iOS mobile from the last five years, too.

    • Shobai
    • 3 years ago

    > Lookout also claims the Pegasus software package is used for "high-level corporate espionage" across iOS, Android, and Blackberry devices.

    Any word on how it affects Android or Blackberry?

      • DancinJack
      • 3 years ago

      SMS phishing, apparently.

      https://blog.lookout.com/blog/2016/08/25/lookout-trident-pegasus-enterprise-discovery/
