Skip to main content
  1. Home
  2. Mobile
  3. News

Update your iOS device to 9.3.5 as it fixes serious security vulnerabilities

By

apple ios 935 update os updates
Image used with permission by copyright holder
Got a notification to update your iOS device to 9.3.5? You really shouldn’t wait to install it — the new version fixes three security vulnerabilities that were actively exploited by an Israel-based company in an episode likely involving the UAE government and a spy operation.

The NSO Group sells surveillance software that utilizes three zero-day vulnerabilities in iOS — it’s something that rarely happens in the wild, according to the team of researchers that reported the flaws to Apple. “Zero days” means the flaws were previously unknown, and a company had no time, or “zero days,” to fix them.

It all started with Ahmed Mansoor, a well-recognized human rights defender based in the United Arab Emirates. On August 10 and 11, Mansoor got an SMS on his iPhone “promising “new secrets” about detainees tortured in UAE jails if he clicked on an included link.

Related

Mansoor didn’t click the link — he sent it straight to Citizen Lab researchers housed in the University of Toronto. If Mansoor had followed the link, the exploit would have remotely jailbroken his iPhone 6, and installed spyware.

“Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” according to Citizen Labs’ report.

The team worked with researchers at Lookout Security and managed to track the exploit back to NSO Group, a “cyber-war” company that sells Pegasus, a government-exclusive “lawful intercept” spyware product. Oddly, NSO Group is owned by an American venture capital firm named Francisco Partners Management.

“The high cost of iPhone zero-days, the apparent use of NSO Group’s government-exclusive Pegasus product, and prior known targeting of Mansoor by the UAE government provide indicators that point to the UAE government as the likely operator behind the targeting,” the researchers write in the report.

Immediately after discovering Trident, Citizen Labs and Lookout Security notified Apple. The Cupertino company said it would address the vulnerabilities — and 10 days later, Apple patched them up in iOS 9.3.5. It’s likely the last update to iOS 9, as iOS 10 is likely to release soon.  

The exploit and patch come weeks after Apple announced its first bug bounty program, which is to begin as an invitation-only process with the company doling out rewards as high as $200,000 for discovered vulnerabilities.

The update is available to all devices running iOS 9 through an over-the-air update.

Editors’ Recommendations

Topics
Julian Chokkattu
Julian Chokkattu
Former Digital Trends Contributor
Julian is the mobile and wearables editor at Digital Trends, covering smartphones, fitness trackers, smartwatches, and more…
Google is making it easier to ditch your iPhone for an Android phone
Samsung Galaxy S24 Ultra and iPhone 15 Pro in hand.

Switching phones is never a smooth process, even if you’re switching between two different Android phones. However, when you’re trying to switch from an iPhone to Android or vice versa, it can be extra complicated -- and you can lose data and apps that you rely on. This is especially the case with Apple-to-Android transfers because the iPhone has a much stronger ecosystem lock-in with things like iMessage, iCloud backups, and exclusive apps like Overcast and Hyperlapse.

The good news is that with its Data Transfer Tool (also called Pixel Migrate on Pixel devices), Google may be trying to mitigate some of the phone-switching problems that arise -- specifically, losing access to your Live Photos. According to an APK teardown from Android Authority, Google’s Data Transfer Tool will finally resolve the problem of migrating iOS Live Photos to Android. It will do this by converting them over as Motion Photos.

Read more
Here’s how iOS 18 could change the way you use your iPhone
The lock screen on the Apple iPhone 15 Plus.

It seems the long-overdue Siri overhaul will finally arrive at WWDC in just over a week from now, and the digital assistant will embrace AI trickery in all its forms. According to Bloomberg, Apple’s planned upgrades for Siri will deeply integrate with on-device functions at the OS level and with the installed apps, too.

“The new system will allow Siri to take command of all the features within apps for the first time,” the report says. The most notable capability is that Siri will only require voice prompts to interact with apps, thanks to a major change in the AI architecture powering it and putting large language models in command, just the way Gemini or ChatGPT draw their own skills from such models.

Read more
AT&T just made it a lot easier to upgrade your phone
AT&T Storefront with logo.

Do you want to upgrade your phone more than once a year? What about three times a year? Are you on AT&T? If you answered yes to those questions, then AT&T’s new “Next Up Anytime” early upgrade program is made for you. With this add-on, you’ll be able to upgrade your phone three times a year for just $10 extra every month. It will be available starting July 16.

Currently, AT&T has its “Next Up” add-on, which has been available for the past several years. This program costs $6 extra per month and lets you upgrade by trading in your existing phone after at least half of it is paid off. But the new Next Up Anytime option gives you some more flexibility.

Read more