Apple has just released the second iOS update in a month. After launching earlier this month iOS 9.3.4 that fixed a specific workaround that would allow an application “to execute arbitrary code with kernel privileges,” the Cupertino-based company is now getting more serious and fixes no less than three vulnerabilities in the latest patch.
Although it might look like a regular maintenance release that should fix some minor bugs and issues, iOS 9.3.5 is actually very important.
Apple has already released an official changelog for this update, but New York Times has more information and reports that “investigators discovered that a company called the NSO Group, an Israeli outfit that sells software that invisibly tracks a target’s mobile phone, was responsible for the intrusions.”
According to the same report, the Israeli company's software could read text messages and emails, as well as track calls and contacts. But that's not all, as the same software can even record sounds, collect passwords and trace the location of the phone user. How about that?
The current iOS 9.3.5 security update is Apple's answer to the vulnerabilities that the Israeli firm exploited, but it only managed to do so 10 days after it's been tipped by two of the researches that found these security holes.
NSO Group prides itself for its spyware, which is said to work like a “ghost,” tracking not only the moves, but also the strokes of the target. Until recently, it was unclear how this group was monitoring its targets, but the bubble burst when it was discovered the Israeli company has been tracking the moves of a human rights activist in the UAE.
Recommended Stories
After receiving several suspicious messages, the person tracked by NSO Group passed them on to security specialists at Citizen Lab, who determined the fact that they were an attempt to track him via his iPhone.
Citizen Lab and Lookout have dig even deeper and discovered that the tracking was possible through three older iOS vulnerabilities that Apple didn't knew about. This type of vulnerabilities are called “zero days” and they sell for large amounts of money, especially if they're iOS vulnerabilities.
Two of the vulnerabilities discovered are related to the kernel, while the other one to the WebKit, but all three should be fixed by installing the latest iOS update.
Speaking of which, iOS 9.3.5 is now available for download for iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later, so get it as soon as possible.
A discussion is a place, where people can voice their opinion, no matter if it
is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some
random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
Off-topic talk - you must stick to the subject of discussion
Offensive, hate speech - if you want to say something, say it politely
Spam/Advertisements - these posts are deleted
Multiple accounts - one person can have only one account
Impersonations and offensive nicknames - these accounts get banned
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a
post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please,
contact us.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed: