Psa Ios 9 3 5 Fixes Serious Security Exploit That Exposed Contacts Texts Calls Emails

Update: Apple has documented the security fix here.

Now that the just-released iOS 9.3.5 security update is now available, details about what exactly it fixes have been green lighted for release as well. Both Vice and NYT have detailed accounts of the very serious security issue that iOS 9.3.5 fixes…

The New York Times describes the exploit as one believed to be found an effort “to spy on dissidents and journalists.”

The report notes that the exploit was fixed 10 days after first being discovered, an an Apple spokesperson added that all customers should update to the new software version.

In response, Apple on Wednesday released a patched version of its mobile software, iOS 9.3.5. Users can get the patch through a normal software update.

Vice has a more eery account of how the exploit came to light:

And here’s more detail on the surveillance company behind the exploit:

“New secrets about torture of Emiratis in state prisons,” read the tantalizing message, which came accompanied by a link.

Mansoor, who had already been the victim of government hackers using commercial spyware products from FinFisher and Hacking Team, was suspicious and didn’t click on the link. Instead, he sent the message to Bill Marczak, a researcher at Citizen Lab, a digital rights watchdog at the University of Toronto’s Munk School of Global Affairs.

Also of concern is that the exploit is believed to date back to iOS 7:

NOS’s malware, which the company codenamed Pegasus, is designed to quietly infect an iPhone and be able to steal and intercept all data inside of it, as well as any communication going through it.

The 2010 iPhone 4 stopped receiving updates after iOS 7.1.2 and cannot update to the fix (so be aware). Apple’s iOS distribution data also says that 10% of active users are running iOS 8, although iOS 9 is compatible with any iOS 8 device and users can update.

The full Vice piece is especially worth a read, and all readers should advise family and friends to take the iOS 9.3.5 seriously if privacy is a concern. The latest iOS 10 beta already includes the fix.