iPhone users should update to iOS 9.3.5 immediately

“Apple Inc issued a patch on Thursday to fix a dangerous security flaw in iPhones and iPads after researchers discovered that a prominent United Arab Emirates dissident’s phone had been targeted with a previously unknown method of hacking,” Joseph Menn reports for Reuters.

“The thwarted attack on the human rights activist, Ahmed Mansoor, used a text message that invited him to click on a web link. Instead of clicking, he forwarded the message to researchers at the University of Toronto’s Citizen Lab,” Menn reports. “The hack is the first known case of software that can remotely take over a fully up-to-date iPhone 6.”

“Experts at Citizen Lab worked with security company Lookout and determined that the link would have installed a program taking advantage of a three flaws that Apple and others were not aware of,” Menn reports. “The researchers said they had alerted Apple a week and a half ago, and the company developed a fix and distributed it as an automatic update to iPhone 6 owners.”

“The Citizen Lab team attributed the attack software to a private seller of monitoring systems, NSO Group, an Israeli company that makes software for governments which can secretly target mobile phones and gather information,” Menn reports. “Tools such as that used in this case, a remote exploit for a current iPhone, cost as much as $1 million.”

Read more in the full article here.

MacDailyNews Take: If you haven’t yet backed up and updated your iOS devices to iOS 9.3.5, please do so ASAP.

About the security content of iOS 9.3.5

For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

For more information about security, see the Apple Product Security page. You can encrypt communications with Apple using the Apple Product Security PGP Key.
Apple security documents reference vulnerabilities by CVE-ID when possible.

iOS 9.3.5
Released August 25, 2016

Kernel
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later
Impact: An application may be able to disclose kernel memory
Description: A validation issue was addressed through improved input sanitization.
CVE-2016-4655: Citizen Lab and Lookout

Kernel
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4656: Citizen Lab and Lookout

WebKit
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4657: Citizen Lab and Lookout

SEE ALSO:
Apple boosts iPhone security after Mideast spyware discovery; releases iOS 9.3.5 – August 25, 2016

21 Comments

  1. Just recently, Apple, with the same usual arrogance, proudly and pompously announced in the media they were offering a 500,000$ reward to anyone who could identify any security vulnerability in iOS!!!

    QUESTION: Did Apple pay the 500,000$ reward they have promised to those who successfully report iOS security vulnerabilities.

    1. Other companies offer bounties for finding security vulnerabilities, so why the snarky comments about Apple?

      And you obviously didn’t watch Ivan Krstić’s keynote at Black Hat 2016, otherwise you would have known the bounty is $200K for Secure Boot firmware components, $100K for extracting confidential material from the Secure Enclave, $50K for executing arbitrary code with kernel privileges (which this exploit arguably falls under), $50K for unauthorised access to iCloud data on Apple server and $25K access from a sandboxed process process to user data outside that sandbox.

      But of course you knew that because you’re not a troll.

      Oh wait…

      Now go away or I shall taunt you a second time.

      =:~)

      1. I understand it breaks your heart to hear how extremely arrogant Apple is when it makes those types of claims.

        Unfortunately, arrogance has always been in Apple’s DNA thanks to Steve Jobs who, himself, lacked none!

        1. Arrogance is your interpretation. Confidence is how many would put it. Except for Steve who was definitely not lacking in confidence – on steroids! A certain amount of that is essential for everyone. So what’s the big deal?

          1. I most certainly agree that “Well balanced and measured confidence is a good thing”.

            Although, in Apple’s case, “Sheer arrogance is not a good thing” …

            Apple’s arrogance is the reason why the consistently fail to innovate and continue to offer their products at an excessively high premium to the consumer.

            1. While I agree there are some problems (especially with the Mac pro) I think it’s a little premature with an upgrade cycle looming. What’s your definition of “innovate?” Transporter technology? Warp Drive? Phaser weapons? Most “innovation” is more in the way of iteration improvements and that’s going to happen at points. Major innovation is and has always been rare. But I too miss the giddy days of a new paradigm product introduction. Apple Watch being the last one. I wonder of the fact Jobs doesn’t introduce new products any longer takes away from the significance of new products now when they come? The “reality distortion field” effect has gone away along with Jobs epic sense of wonder with something new.

            2. Amongst other things, what I mean by “innovation” is not only state-of-the-art hardware but also state-of-the-art software.

              Apple, despite always being the most expensive gizmos on the market, they consistently lag far behind in both categories.

              An example of state-of-the-art software is the ability to run any software I like on an Apple platform.

              In other words, I should be able to seamlessly run any iOS apps on any MacOS desktop (regardless of the version) and on any MacBook.

              Furthermore (let’s push the envelope here after all Apple likes to boast they are a major league player in the high-tech industry – which in my opinion it absolutely is not), how about being able to run any Windows apps and applications seamlessly on any Apple device.

              And how about the same for any Android apps and applications?

              What do you think about that?

              Let’s not forget that I expect Apple to sell products with top-of-the-line hardware, not recycled low level hardware as they typically sell these days.

              They know they can get away with it because Apple fans are used to getting less and paying more so why would Apple even bother?

              As consumers, we must constantly push the envelope and demand the best especially with a company like Apple which shamelessly sells their subpar products at a premium (overpriced) to the consumer.

              Just my humble opinion!

    2. “Hilarious” is a good term to describe your ridiculous demands. No company on this planet satisfies your demands, but I would argue that Apple is one of the top few who has the ability, resources, and corporate culture to do it.

      Hilarious, You must be a very unhappy person. nothing in this world can meet your exacting standards of acceptability.

  2. Any information on the latest iOS 10 Beta (7) regarding this? Are these security flaws present? If so, is Apple planning on releasing a new Beta to fix them?

    1. As far as I can tell, this bug is related to how safari handles kernel requests in iOS 9. And the new version in iOS 10 doesn’t seem to have the same issue, but we shall see.

  3. If you don’t typically click links in text messages from unknown and untrusted people, and you aren’t a high-value target, you are likely unaffected.

    Even so, you can check your device to see if it has been compromised by this malware with the free Lookout app from the App Store:

    Just open Lookout, sign up with an email and password, sign in, and if the Security section is green and says “Secure”, your device is not affected.

    Lookout believes the vast majority of users will not be impacted by Pegasus given the sophisticated, targeted nature of the attack. Given the high price tag associated with these attacks — Zerodium paid $1
    million for an iOS vulnerability last year — we believe this kind of software is very targeted, meaning the purchaser is likely to be both well-funded and specifically motivated.

    This spyware is quite sophisticated, as you can see by reading the technical analysis here:

    For the average iOS user, there’s little to worry about. Update to iOS 9.3.5, and if you are really paranoid that someone with millions of dollars to spend on spyware has targeted little, old you, run the free Lookout app, and you are done. ; )

    1. In this day and age, it seems strange to me that MDN would prevent you from editing your own posts. Even a 5-10 minute timed edit window would be better than nothing! :/

  4. People in the media — and on this board — seem to be freaking out about this. But this wasn’t some simple hack. This was a state-sponsored attack on a high-profile dissident.

    I’m glad Apple patched the holes ASAP, but I’m not sure ANY platform is safe from the determined efforts of any country’s military-industrial complex.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.