Less than a month before the expected release of iOS 10, Apple has released what’ll probably be the last update for the current iOS 9 software. However, we wouldn't advise skipping this one.
The firm is today rolling out iOS 9.3.5 and, even though most iPhone users will be rid of the OS in a few weeks, remains a must-download with Apple calling it. update is an “important security update.”
According to the New York Times, the update patches a trio of vulnerabilities that enable surveillance software to read iPhone users text messages, emails and track calls.
The Times’ writes: “Investigators discovered that a company called the NSO Group, an Israeli outfit that sells software that invisibly tracks a target’s mobile phone, was responsible for the intrusions. The NSO Group’s software can read text messages and emails and track calls and contacts. It can even record sounds, collect passwords and trace the whereabouts of the phone user.”
Apparently it has taken Apple ten days to plug the holes in iOS 9 and the update can be accessed over the air today.
The 39MB update doesn’t list a particular flaw, and the version is not yet listed on the security content section off Apple’s software updates page.
It’s been a long old haul for iOS 9, with early versions coming under fire for bricking older iPhone and iPad models. Apple must be looking forward to its retirement.
UPDATE: More has emerged about the spyware, which potentially enabled hackers to pry on targets if they clicked on a link within a text message.
The research companies who reported the flaws to Apple said they withheld details until Apple had addressed the situation (via BBC).
The texts were received by Arab lawyer and activist Ahmed Mansoor on August 10 and 11, promising to reveal details about people being tortured in the UAE if he clicked the link.
Had he clicked his iPhone would have been jailbroken. Thankfully for Ahmed, he did not and instead reported the incident.
The Israeli cyber-war organisation the NSO Group are believed to be behind the botched attack, which alerted Apple to three previously unknown weaknesses within Apple iOS 9.
"Once infected, Mansoor's phone would have become a digital spy in his pocket, capable of employing his iPhone's camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements," said Citizen Lab, who published today's report alongside US smartphone security firm Lookout.
"We are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign, making this a rare find."
So yeah, download iOS 9.3.5 now.