Why It's Important to Install the iOS 9.3.5 Update Right Away

Why It's Important to Install the iOS 9.3.5 Update Right Away
The Story Starts With a Human Rights Activist
Here's What the Trident Targets
A Look at the 'Attack Sequence'
Here's What the Flaw Can Extract
Users Would Never Know They Were Compromised
It Took Apple Less Than Two Weeks to Fix the Issue
Pegasus Is Actually Privately Developed Malware
It's Been 'in the Wild' for a Long Time
How to Download the Update
Apple's Operating System Is at Risk
1 of 11

Why It's Important to Install the iOS 9.3.5 Update Right Away

Apple was quick to update iOS to patch malware that enables hackers install spyware on its devices and steal user data. Here's why users should update to iOS 9.3.5 immediately.

2 of 11

The Story Starts With a Human Rights Activist

The story of this critical flaw starts with Ahmed Mansoor, a human rights activist from the United Arab Emirates who was reportedly sent a link in a text message "about torture of Emiratis in state prisons." Had he clicked the link, the spyware would have been installed and his data stolen. Instead, he sent it off to security researcher Citizen Lab, which, along with security firm Lookout, investigated the issue and brought it to Apple's attention.

3 of 11

Here's What the Trident Targets

In a blog post outlining their findings, security researchers at Lookout and Citizen Lab called the spyware software Pegasus and noted it's capable of exploring three zero-day vulnerabilities that it named the "Trident." According to the companies, the Trident can help hackers find the iOS kernel's location in memory, jailbreak the device at the kernel level and install its payload. The malware attacks devices by tricking users to click on a link that opens in the Safari browser.

4 of 11

A Look at the 'Attack Sequence'

According to the security researchers, the payload delivers a typical phishing-like "attack sequence." First, a user is sent a text message with a link. If the user clicks the link, Safari is opened, a page is loaded, the iOS security flaws are exploited and the spyware is installed.

5 of 11

Here's What the Flaw Can Extract

The scope to which the spyware can capture data is staggering. According to the researchers, the spyware can access messages, calls and emails. It also can target third-party applications such as Gmail, Facebook, Skype and WhatsApp to steal all of the user data the apps contain. Worst of all, it was designed to live on after the initial data theft and survive Apple's annual updates. However, the special iOS 9.3.5 update fixes the flaws the Pegasus malware exploited.

6 of 11

Users Would Never Know They Were Compromised

The trouble with the hack is that victims have no idea they've been compromised. In fact, the best exploits bring those users to pages that appear to be legitimate. However, an instant after the Pegasus malware is downloaded onto vulnerable devices, it can transfer data to the attackers without the device users ever knowing the difference.

7 of 11

It Took Apple Less Than Two Weeks to Fix the Issue

According to most reports, Apple moved swiftly to address the issue. The company released iOS 9.3.5 on Thursday, Aug. 25, which means it took Apple about 10 days to fix the problem after being notified about it and make it so the malware no longer could access user content. That's awfully fast, but it's unclear how many iOS users have downloaded the patch so far.

8 of 11

Pegasus Is Actually Privately Developed Malware

Interestingly, it's not believed that Pegasus is a tool created by government hackers or individuals looking to scam users. Instead, Citizen Lab said it believes an Israel-based organization named NSO Group, which was acquired by U.S. company Francisco Partners Management in 2010, actually developed the spyware. Since then, the company has been selling the software to governments to help them hack other governments and individuals of interest, according to the report.

9 of 11

It's Been 'in the Wild' for a Long Time

Considering the software was developed several years ago and it can live on through software updates, it's believed to have been living in the iOS ecosystem for years. In fact, Lookout believes that hackers have been using the tool since iOS 7 with great effect.

10 of 11

How to Download the Update

Apple hasn't been too willing to chat about the security issues in iOS that allowed Pegasus to work so stealthily. However, Apple has encouraged users to install the update. Users can access the iOS 9.3.5 update by going to Settings, choosing "general" and then "software update." This will enable them to download and install the update.

11 of 11

Apple's Operating System Is at Risk

The Pegasus malware should once and for all dispel the myth that iOS is not very vulnerable to critical security flaws and malware exploits. It also should dispel the myth that Android is somehow more vulnerable to security flaws than iOS. Granted, Android's reliance on carriers and device makers to push out updates remains a serious issue, but iOS is far from bullet-proof.

Top White Papers and Webcasts