Apple Releases Important iOS Update to guard against Malware

iPhone and iPad users should update to the latest version of iOS as soon as possible, following the latest security update from Apple. The new patch—iOS 9.3.5—arrived on Thursday, August 25th and was dubbed by Apple as an “important security update.” It addresses dangerous malware that was recently developed in the Middle East.

Writing for ZDNet, Zack Whittaker noted that iOS 9.3.5 is a patch for three different malware vulnerabilities, not just one. Working together, security researchers Citizen Lab and Lookout discovered the vulnerabilities and notified Apple about their existence. Lookout and Citizen Lab also gave the vulnerabilities the snappy, all-encompassing name of the Trident.

In a blog posted on the day of iOS 9.3.5’s release, Lookout described the issue as a “persistent mobile attack of high-value targets on iOS.” The malware in question attacks the Trident vulnerabilities and uses them to compromise iOS in several significant ways. Specifically, the malware acts as spyware, allowing hackers to access a device and browse contacts, read texts, and open emails. The malware can also give cyber-criminals the location of the device in question, or allow them to switch on the microphone and camera.

The malware originated in the Middle East, where a company in Israel figured out how to exploit the Trident vulnerabilities. Citizen Lab also noted that the government of the United Arab Emirates tried to use this spyware against human rights activist Ahmed Mansoor. Earlier this month, Mansoor received two text messages from a sender he didn’t recognize. He forwarded them to Citizen Lab, who discovered their true, malicious nature.

Citizen Lab says that if Mansoor had opened the text messages, they would have essentially turned his iPhone into a “sophisticated bugging device.” However, since Mansoor forwarded the texts to a security research company, not only has he avoided the threat, but he’s also brought about the fix. Mansoor’s decision allowed Citizen Lab and Lookout to discover the true nature of the spyware and the Trident vulnerabilities behind it. In turn, the two security research firms forwarded the information on to Apple, where the Trident vulnerabilities were promptly patched.

On his Twitter account, Whittaker praised Apple for their quick response—not only to this particular threat but also to others that have emerged recently. ” Love them or hate them, Apple’s ten-day turnaround to patch these flaws is impressive,” he wrote.

To download iOS 9.3.5, go to the Settings menu on your iPhone or iPad, tap General, and then select Software Update.