Apple releases iOS 9.3.5 update, patches important vulnerabilities that would allow iPhone owners to be tracked

Apple releases iOS 9.3.5 update, patches important vulnerabilities that would allow iPhone owners to be tracked
Apple has just released the second iOS update in a month. After launching earlier this month iOS 9.3.4 that fixed a specific workaround that would allow an application “to execute arbitrary code with kernel privileges,” the Cupertino-based company is now getting more serious and fixes no less than three vulnerabilities in the latest patch.

Although it might look like a regular maintenance release that should fix some minor bugs and issues, iOS 9.3.5 is actually very important.

Apple has already released an official changelog for this update, but New York Times has more information and reports that “investigators discovered that a company called the NSO Group, an Israeli outfit that sells software that invisibly tracks a target’s mobile phone, was responsible for the intrusions.”

According to the same report, the Israeli company's software could read text messages and emails, as well as track calls and contacts. But that's not all, as the same software can even record sounds, collect passwords and trace the location of the phone user. How about that?

The current iOS 9.3.5 security update is Apple's answer to the vulnerabilities that the Israeli firm exploited, but it only managed to do so 10 days after it's been tipped by two of the researches that found these security holes.

NSO Group prides itself for its spyware, which is said to work like a “ghost,” tracking not only the moves, but also the strokes of the target. Until recently, it was unclear how this group was monitoring its targets, but the bubble burst when it was discovered the Israeli company has been tracking the moves of a human rights activist in the UAE.


After receiving several suspicious messages, the person tracked by NSO Group passed them on to security specialists at Citizen Lab, who determined the fact that they were an attempt to track him via his iPhone.

Citizen Lab and Lookout have dig even deeper and discovered that the tracking was possible through three older iOS vulnerabilities that Apple didn't knew about. This type of vulnerabilities are called “zero days” and they sell for large amounts of money, especially if they're iOS vulnerabilities.

Two of the vulnerabilities discovered are related to the kernel, while the other one to the WebKit, but all three should be fixed by installing the latest iOS update.

Speaking of which, iOS 9.3.5 is now available for download for iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later, so get it as soon as possible.

FEATURED VIDEO

35 Comments

1. kiko007

Posts: 7520; Member since: Feb 17, 2016

Hmmmmmmm........super spyware patch then? Okay, but these pro hackers seriously suck at their job if they left a footprint big enough to get tracked back to them.

15. cosmin.v

Posts: 48; Member since: Aug 22, 2016

The spyware they use doesn't leave any footprints usually. It was the weird messages the tracked person received that tipped him off about the intrusion.

17. kiko007

Posts: 7520; Member since: Feb 17, 2016

Oh okay. Thanks for the info.

19. techperson211

Posts: 1280; Member since: Feb 27, 2014

I thought they are already being tracked? NSA, FBI etc....

20. kiko007

Posts: 7520; Member since: Feb 17, 2016

Your probably right, but those are intelligence agencies. I'd expect them to be on top of this info. I'm just glad nothing too serious came of this (at least none yet).

2. Mxyzptlk unregistered

Good of Apple to patch up the holes and keeping the iphone secure.

3. JC557

Posts: 1925; Member since: Dec 07, 2011

Can't deny Apple for being pretty quick about patching things but it also helps to not have carriers meddling with the phone/ OS

4. sgtdisturbed47

Posts: 969; Member since: Feb 02, 2012

Pretty darn fast. This is one reason why I like iPhone, despite its shortcomings.

33. YOURDADkid unregistered

Lol are you kidding me???? App store is the worst thing in Apple Products. Takes ages to load (Don't blame on Data speed, I have stronger connection and on my S6 Edge Play store loads in seconds) and I don't know if you have found a glitch on it or not. But I tested 6 to 7 iPhones and if you go to store and click on Grossing it will open Wishlist. I am wondering why Apple and iSheep did't noticed it.

5. guests

Posts: 196; Member since: Jun 19, 2016

Wait, according to the sheep io-ass is the most secured mobile operating system in the universe, right??

9. Mxyzptlk unregistered

If you want Fort Knox security on a phone, be one of the few to use a blackberry. Nothing is more secure than a blackberry. Of course I know you're just trying to bait an argument.

36. flyingcarpet

Posts: 1; Member since: Aug 29, 2016

Absolutely agree! BB has the best security, in my opinion. And their email application is world's better than Apple's. I really hated going from the Q10 to the latest Apple iPhone but during my research it looked more and more RIM was turning our those f$@/ing Android systems garmented as Blackberrys. I wasn't living with that nightmare. How I do miss the BB simply because its security has yet to be equaled, by my experience, nor its email capabilities. Definitely a production device for literate grown-ups not relying on spending their quality time playing the 21st century version of Donkey Kong and its 57 varieties.

10. kiko007

Posts: 7520; Member since: Feb 17, 2016

If you think any form of software is invulnerable, you're an idiot. We iOS users have never claimed otherwise, we simply acknowledge Apple being faster to act. Meanwhile, the only Android OEMs who've even disclosed the latest malware epidemic (let alone patched it) are Sony, Samsung, and BlackBerry (the first to crush it).

13. meanestgenius

Posts: 22394; Member since: May 28, 2014

Totally agree with you here. Apple is damn fast at releasing patches, almost as fast as BlackBerry, which is saying a lot since BlackBerry is a security based company. It's one of the main reasons why I choose to use BlackBerry's Secured version of Android, as opposed to one of the other Android OEM's that have been making Android handsets longer.

34. YOURDADkid unregistered

Ha ha ha Good one. Only releasing fast patches doesn't make sense. Resolving issues and correction makes sense. Apple release patches fast but glitches remains the same.

35. meanestgenius

Posts: 22394; Member since: May 28, 2014

But we're talking about fast-patching of vulnerabilities, correct? In that retrospect, what I said is spot on. And Android has glitches the same as iOS does.

16. steodoreben

Posts: 379; Member since: Sep 26, 2013

@guests I have to agree with you. Apple executives claimed that statement. LOL. Anyway, they did an amazing job for releasing the update immediately.

27. hillaryisacriminal

Posts: 242; Member since: Aug 26, 2016

calm down dude just keep using ur android .

6. meanestgenius

Posts: 22394; Member since: May 28, 2014

Love the speed in which Apple releases patches for vulnerabilities. Almost as fast as the speed in which BlackBerry releases patches for Android vulnerabilities. Kudos, Apple.

7. EC112987

Posts: 1216; Member since: Nov 10, 2014

Stop jailbreak update that's all this is

11. lyndon420

Posts: 6861; Member since: Jul 11, 2012

Yeah that's supposed to be coming soon...or has it? ;)

8. lyndon420

Posts: 6861; Member since: Jul 11, 2012

Careful...you must always use caution when updating your iPhone. It might brick on you ;-)

12. Mxyzptlk unregistered

Actually it's much more harder to brick an iOS device than an Android device. #Schooled

18. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

https://www.theguardian.com/technology/2016/feb/19/error-53-apple-issues-fix-bricked-iphones Take note that Apple are forced to fix the problem they had created after a class action lawsuit. Mxy, you were saying??

22. AlikMalix unregistered

Joey, Apple ahs replaced, repaired those error 53 devices and acknowledged the problem and got it patched fast. I don't want to bring android response to problems - but you know what I'm talking about don you? It's funny that everytime theses links are posted it was like a year ago and were patched within a week. Old and inapplicable news - that's all that is. It's the same as bringing up that your wife am was pregnant when your kid is already in high school.

23. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

I would expect you to at least click on the link and do a bit of investigative work before firing off. At least one year!? Fast? Even after their initial refusal to fix the problem. The news is Feb this year. Besides, my purpose is not to talk down Apple without any proof to back me up like mxy did. At the end of the day it's your money so buy all the Apple gadget you want. Don't expect everyone to agree that it's the smart thing to do. Cause i don't.

24. AlikMalix unregistered

My point is it's old news, it's been dealt with even if you had replaced the phone with your own money - Apple even remedy that. What else can you ask for?

31. Mxyzptlk unregistered

I see you're deflecting from the truth after getting schooled.

21. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

At least I don't make BS false claims about what a pbone can or can't do.. You just outright knowingly lie and make crap up

25. AlikMalix unregistered

Yes you do!!! Nearly every post is half truth and made up "statistics" and opinions stated as "facts"!!!

* Some comments have been hidden, because they don't meet the discussions rules.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.