Urgent iOS 9.3.5 Security Update for iPhone, iPod and iPad

ios 9.3.5 security update trident
Share the knowledge

Yesterday Apple released an urgent security date for iOS, affecting all iOS devices, such as iPhone, iPad, and iPod. Security update 9.3.5 is essentially a security patch, to fix not one, but three different security holes that have been known to be exploited by spyware created by an American-owned Israeli group known as the NSO Group. NSO Group was acquired by San Francisco-based equity fund Francisco Partners in 2014.

The software, dubbed ‘Pegasus’, takes advantage of the three security holes and allows a target iPhone or other iOS device to be tracked – the trio of security vulnerabilities on which Pegasus is built is known as Trident. Pegasus has already been deployed and used against known targets and victims. The New York Times calls the NSO group “One of the world’s most evasive digital arms dealers” and explains that their software (spyware) takes advantage of these security holes to spy on journalists, dissidents, and others.

The software being distributed by the NSO group, and which can be installed on an iPhone as easily as having an unsuspecting user simply click on a link, can, among other things:

  • Read text mesages
  • Read email
  • Read passwords
  • Read contacts
  • Record calls and other sounds
  • Track calls
  • Track the location of the user
  • Turn on your camera
  • Turn on your microphone and record what it hears

One known target victim is Ahmed Mansoor, a human rights activist from the United Arab Emirates.

As security firm Lookout, who was involved in researching Pegasus and the Trident exploit, explains, “Ahmed Mansoor is an internationally recognized human rights defender and a Martin Ennals Award Laureate (sometimes referred to as a “Nobel prize for human rights”), based in the United Arab Emirates (UAE). On August 10th and 11th, he received text messages promising “secrets” about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. Recognizing the links as belonging to an exploit infrastructure connected to NSO group, Citizen Lab collaborated with Lookout to determine that the links led to a chain of zero-day exploits that would have jailbroken Mansoor’s iPhone and installed sophisticated malware.”

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

Lookout goes on to say that “Pegasus is the most sophisticated attack we’ve seen on any endpoint because it takes advantage of how integrated mobile devices are in our lives and the combination of features only available on mobile — always connected (WiFi, 3G/4G), voice communications, camera, email, messaging, GPS, passwords, and contact lists. It is modular to allow for customization and uses strong encryption to evade detection.”

(You can read Lookout’s full report on this here.)

So far there has been no comment from NSO Group’s American owner, Francisco Partners.

To install and update to iOS 9.3.5, go to Settings

iphone settings icon

 

Click on ‘General’

ios iphone settings general

 

Click on ‘Software Update’

ios iphone software update 9.3.5

 

Click on ‘Download and Install’

9.3.5 download and install

 

That’s it, all fixed!

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 


Share the knowledge

One thought on “Urgent iOS 9.3.5 Security Update for iPhone, iPod and iPad

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.