Why It's Important to Install the iOS 9.3.5 Update Right Away

 
 
By Don Reisinger  |  Posted 2016-08-29
 
 
 
 
 
 
 
 
 
  • Previous
    Why It's Important to Install the iOS 9.3.5 Update Right Away
    Next

    Why It's Important to Install the iOS 9.3.5 Update Right Away

    Apple was quick to update iOS to patch malware that enables hackers install spyware on its devices and steal user data. Here's why users should update to iOS 9.3.5 immediately.
  • Previous
    The Story Starts With a Human Rights Activist
    Next

    The Story Starts With a Human Rights Activist

    The story of this critical flaw starts with Ahmed Mansoor, a human rights activist from the United Arab Emirates who was reportedly sent a link in a text message "about torture of Emiratis in state prisons." Had he clicked the link, the spyware would have been installed and his data stolen. Instead, he sent it off to security researcher Citizen Lab, which, along with security firm Lookout, investigated the issue and brought it to Apple's attention.
  • Previous
    Here's What the Trident Targets
    Next

    Here's What the Trident Targets

    In a blog post outlining their findings, security researchers at Lookout and Citizen Lab called the spyware software Pegasus and noted it's capable of exploring three zero-day vulnerabilities that it named the "Trident." According to the companies, the Trident can help hackers find the iOS kernel's location in memory, jailbreak the device at the kernel level and install its payload. The malware attacks devices by tricking users to click on a link that opens in the Safari browser.
  • Previous
    A Look at the 'Attack Sequence'
    Next

    A Look at the 'Attack Sequence'

    According to the security researchers, the payload delivers a typical phishing-like "attack sequence." First, a user is sent a text message with a link. If the user clicks the link, Safari is opened, a page is loaded, the iOS security flaws are exploited and the spyware is installed.
  • Previous
    Here's What the Flaw Can Extract
    Next

    Here's What the Flaw Can Extract

    The scope to which the spyware can capture data is staggering. According to the researchers, the spyware can access messages, calls and emails. It also can target third-party applications such as Gmail, Facebook, Skype and WhatsApp to steal all of the user data the apps contain. Worst of all, it was designed to live on after the initial data theft and survive Apple's annual updates. However, the special iOS 9.3.5 update fixes the flaws the Pegasus malware exploited.
  • Previous
    Users Would Never Know They Were Compromised
    Next

    Users Would Never Know They Were Compromised

    The trouble with the hack is that victims have no idea they've been compromised. In fact, the best exploits bring those users to pages that appear to be legitimate. However, an instant after the Pegasus malware is downloaded onto vulnerable devices, it can transfer data to the attackers without the device users ever knowing the difference.
  • Previous
    It Took Apple Less Than Two Weeks to Fix the Issue
    Next

    It Took Apple Less Than Two Weeks to Fix the Issue

    According to most reports, Apple moved swiftly to address the issue. The company released iOS 9.3.5 on Thursday, Aug. 25, which means it took Apple about 10 days to fix the problem after being notified about it and make it so the malware no longer could access user content. That's awfully fast, but it's unclear how many iOS users have downloaded the patch so far.
  • Previous
    Pegasus Is Actually Privately Developed Malware
    Next

    Pegasus Is Actually Privately Developed Malware

    Interestingly, it's not believed that Pegasus is a tool created by government hackers or individuals looking to scam users. Instead, Citizen Lab said it believes an Israel-based organization named NSO Group, which was acquired by U.S. company Francisco Partners Management in 2010, actually developed the spyware. Since then, the company has been selling the software to governments to help them hack other governments and individuals of interest, according to the report.
  • Previous
    It's Been 'in the Wild' for a Long Time
    Next

    It's Been 'in the Wild' for a Long Time

    Considering the software was developed several years ago and it can live on through software updates, it's believed to have been living in the iOS ecosystem for years. In fact, Lookout believes that hackers have been using the tool since iOS 7 with great effect.
  • Previous
    How to Download the Update
    Next

    How to Download the Update

    Apple hasn't been too willing to chat about the security issues in iOS that allowed Pegasus to work so stealthily. However, Apple has encouraged users to install the update. Users can access the iOS 9.3.5 update by going to Settings, choosing "general" and then "software update." This will enable them to download and install the update.
  • Previous
    Apple's Operating System Is at Risk
    Next

    Apple's Operating System Is at Risk

    The Pegasus malware should once and for all dispel the myth that iOS is not very vulnerable to critical security flaws and malware exploits. It also should dispel the myth that Android is somehow more vulnerable to security flaws than iOS. Granted, Android's reliance on carriers and device makers to push out updates remains a serious issue, but iOS is far from bullet-proof.
 

Scary malware has been discovered that would allow hackers to secretly install spyware on iOS devices, steal data and uninstall the spyware without ever leaving a trace. Just days after learning of the malware, which was used to target a human rights activist from the United Arab Emirates, Apple patched three related vulnerabilities in iOS 9.3.5. Although Apple has been very quiet about the flaw and its fix, just about every security researcher agrees it's imperative users install the update or face the possibility having their data stolen. This threat might seem remote to most people, but it's particularly important for people who use their devices for business or work in any sensitive position to install the update. The flaw, which also was in iOS 10, highlights just how important it is to remain security conscious on any mobile platform. It also shows that not even Apple's iOS, an operating system that some have considered more secure than Android over the years, isn't safe from malware threats. This slide show covers the iOS flaw and its repair in more detail so Apple mobile device users fully understand what is at stake.

 
 
 
 
 
Don Reisinger is a freelance technology columnist. He started writing about technology for Ziff-Davis' Gearlog.com. Since then, he has written extremely popular columns for CNET.com, Computerworld, InformationWeek, and others. He has appeared numerous times on national television to share his expertise with viewers. You can follow his every move at http://twitter.com/donreisinger.
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
Rocket Fuel