iOS 9.3.5 Update, Fixes and News: New Software Version to Patch High-Security Vulnerabilities
Apple released an important patched version of the iOS 9.3.5 today to solve high-security vulnerabilities found in its previous versions. Users can get the patches through updating their iOS.
The release came after two researchers from the University of Toronto's Munk School of Global Affairs, Bill Marczak and John Scott Railton, in cooperation with San Francisco mobile company Lookout, discovered holes that allowed targeted attacks called Trident.
What makes it even more worrisome is that investigations from Citizen Lab believe that a "cyber war" organization from Israel called the NSO Group is responsible for the attacks. They have been targeting three of Apple's vulnerabilities to spy on dissidents, social and human rights workers, and journalists.
Get Our Latest News for FREE
What Trident means
Trident is an invisible piece of malware that works like a classic phishing scheme, according to a blog post from Lookout. It works on a spyware product called Pegasus, which they said is the most sophisticated attack they've ever seen because it exploits vulnerabilities only available in mobile (3G/4G, Wi-Fi, camera, email, messaging, among others).
According to Lookout, the spyware installs persistent software aimed to gather more information. It targets three zero-day Apple vulnerabilities, which Apple hadn't previously known about. Highly-sophisticated and persistent, users almost never discover the intrusions.
It designed its tools to impersonate people from Facebook, Federal Express, CNN, Google, Al-Jazeera and even Pokémon Go to gain its targets' trust. It can also target various apps like FaceTime, Skype, WhatsApp, Calendar, WeChat, among others.
How it targets
Citizen Lab reported how the software targeted Ahmed Mansoor, an internationally-acclaimed human rights defender based in the United Arab Emirates.
Mansoor has been at the receiving end of repeated intrusion. This month, he received e-mails and messages purporting to contain details about prisoners being tortured in UAE jails. All the messages contained links. Mansoor then sent the messages to Citizen Lab who, alongside University of Toronto and Lookout, confirmed that he was being targeted.
Not just on Apple
According to Lookout's report, the spyware does not attack Apple discriminately. The spyware has been used for quite a while now and has been targeting high-value targets for espionage, including Android and Blackberry users. The intrusions all appear to persist even when the software is updated and could even replace itself when the exploits it uses become obsolete.
Fred Sainz, spokesperson for Apple, urged Apple users to always update their software immediately to avoid security vulnerabilities.
This is not the first time Apple has suffered major security flaws, however. Earlier this year, the Federal Bureau of Investigation hacked into the iPhone of one of the shooters in San Bernardino, California. Though state-sanctioned, the hack caused a furor across iPhone users, who insist that the same can be done against ordinary people.
