Apple issues iOS 9.3.5 update, patching serious security issues discovered just 10 days ago

Posted in iPhone, edited August 2016
Apple on Thursday pushed out yet another important update for its iOS 9 operating system, addressing serious security holes apparently exploited by an Israeli hacking firm, in what could be the final patch ahead of the release of iOS 10.




iOS 9.3.5 is now available through Software Update on compatible devices, and can also be installed through iTunes on a connected Mac or PC. As with the previous release, Apple has characterized the latest build as an "important security update" recommended for all users.

Apple turned around the patch quickly, just 10 days after a pair of security researchers alerted the company to potential flaws in the OS, according to The New York Times. The issues were said to be exploited by an Israeli company called the NSO Group that specializes in tracking the mobile phones of targets.

While it's unclear just how much access the NSO Group had to devices running iOS 9, Thursday's report noted that the group had developed software that could read text messages, emails, calls, contacts and more. Whether the full range of exploits was specific to the iPhone, or also applied to other smartphone models, is unclear.

"It can even record sounds, collect passwords, and trace the whereabouts of the phone user," the report said.

The security holes were discovered by Bill Marczak and John Scott-Railton.




The launch of iOS 9.3.5 comes a few weeks after iOS 9.3.4 was publicly released. Like that update, iOS 9.3.5 also did not have a beta period for developers or testers.

Apple is set to release its next major platform update, iOS 10, this fall, likely in September. It includes major notification improvements, third-party app support for Siri voice prompts, and upgrades to native apps including Messages, Maps and Photos.

For more on iOS 10, see AppleInsider's ongoing Inside iOS 10 series.

Comments

  • Reply 1 of 22
    TurboPGT Posts: 355 member
    I wonder if this patch was in iOS 10 beta 7 and it's why they rushed it out last Friday.
  • Reply 2 of 22
    Imagine you're stuck on Android and having to wait god knows how long before you get the fix (that is, IF you get it). Even owners of the S7 or Note 7 are going to have to wait 30 days to get their security updates (until Samsung decides 30 days is too much work and they start slipping release times).
  • Reply 3 of 22
    lkrupp Posts: 7,062 member
    Imagine you're stuck on Android and having to wait god knows how long before you get the fix (that is, IF you get it). Even owners of the S7 or Note 7 are going to have to wait 30 days to get their security updates (until Samsung decides 30 days is too much work and they start slipping release times).
    But we never hear of actual, confirmed and verified cases of users’ identity or personal data being compromised in the wild... on either platform. I suppose things could happen without the user’s knowledge but these security flaws don’t seem to be used by typical criminals. Is it just governments and spy agencies that use this stuff?
  • Reply 4 of 22
    lkrupp said:
    But we never hear of actual, confirmed and verified cases of users’ identity or personal data being compromised in the wild...
    Not as such, but I'd be willing to bet money these larger, more public data breaches (think DNC, nearly everything Wikileaks gets, etc) started by hackers accessing unprotected users' mobile devices, lifting credentials from there, then easily penetrating sensitive systems using legitimate access criteria.
    edited August 2016
  • Reply 5 of 22
    singularity Posts: 1,329 member
    sog35 said:
    lkrupp said:
    But we never hear of actual, confirmed and verified cases of users’ identity or personal data being compromised in the wild... on either platform. I suppose things could happen without the user’s knowledge but these security flaws don’t seem to be used by typical criminals. Is it just governments and spy agencies that use this stuff?
    I've experienced it when I had an Android phone.

    My apps would no longer work because I could not update the software.

    Also on my Android tablet I actually lost in app purchases. I bought $5 worth of dots. The tablet crashed and my dots were gone.

    That's when I swore I would never own an Android tablet/phone ever again. POS.
    So you equate not being able to update apps with the security being compromised and data losses to nefarious people?
  • Reply 6 of 22
    zroger73 Posts: 710 member
    The phrase, "in what could be the final patch ahead of the release of iOS 10" is becoming cliché around here.
  • Reply 7 of 22
    cnocbui Posts: 3,613 member
    sog35 said:
    sog35 said:
    lkrupp said:
    But we never hear of actual, confirmed and verified cases of users’ identity or personal data being compromised in the wild... on either platform. I suppose things could happen without the user’s knowledge but these security flaws don’t seem to be used by typical criminals. Is it just governments and spy agencies that use this stuff?
    I've experienced it when I had an Android phone.

    My apps would no longer work because I could not update the software.

    Also on my Android tablet I actually lost in app purchases. I bought $5 worth of dots. The tablet crashed and my dots were gone.

    That's when I swore I would never own an Android tablet/phone ever again. POS.
    So you equate not being able to update apps with the security being compromised and data losses to nefarious people?
    Go ahead and don't update your phone/computer for a couple of years and tell me what happens.


    I haven't updated one of my phones since about 2011.  What happened is it continued to work and still works today.
  • Reply 8 of 22
    plovell Posts: 800 member
    what  type of phone is this? Flip phone? LOL

    Maybe it has an actual cord? you know, the coily-cords that old tele-phones had?
  • Reply 9 of 22
    This is just one reason why it's worth paying more for an Apple device.
  • Reply 10 of 22
    coolfactor Posts: 1,461 member
    cnocbui said:
    sog35 said:

    Go ahead and don't update your phone/computer for a couple of years and tell me what happens.

    I haven't updated one of my phones since about 2011.  What happened is it continued to work and still works today.
    I'm running an iPhone that hasn't been updated since 2011... iPhone 4 running iOS 7.1.2. Phone runs perfectly fine albeit a bit slow and crashy at times. So you're right. But the difference is that when updates are available, and you refuse to install them, it's likely asking for trouble.
  • Reply 11 of 22
    TurboPGT said:
    I wonder if this patch was in iOS 10 beta 7 and it's why they rushed it out last Friday.
    I guess it's ok to talk about it now... beta 7 was rushed out after I found a serious serious battery issue that caused the battery to drop rapidly. I found it Monday after beta 6, but I thought maybe my charger wasn't working properly so I just dismissed it.

    Then Tuesday morning I grabbed my phone at 7:00am after charging all night and started to read a book. In 30 minutes my battery dropped to 84%!  Holy crap. After another 30 minutes 64%. And so on and so on. 

    I immediately called my contact on the inside in engineering and explained what was going on and proof that it wasn't just my faulty phone. My roommate complained Monday that by 12:30 his phone completely died and needed me to bring him a charger. He's a pharmacy manager and they use it to check drug interactions if the computer gets moving too slowly. I also told him that I had been taking screen shots to have proof.

    My contact sent me a program they use at Apple to "log" battery activity (I'm trying to be as vague as possible and word things carefully so I don't get into trouble).

    After installing and getting the initial info to them, they had me re-charge my phone to 100% and start over, I also sent a screen shot every 15 minutes to show how quickly the draining was. By noon I had only 2% so I sent it quickly then it died. 

    Keep in mind I had NOTHING open and NOTHING running. I even stopped reading. I just left it on the table next to the laptop.

    The next day they sent me a version of iOS to see if it fixed the problem. It did and the following day beta 7 came out. Now everything is working correctly.

    I thought it was strange when they released beta 7 there were no release notes but my friend said the word "battery" is a word they try to avoid using at all costs because mentioning it causes people to start obsessing with their device and even a 1% differential and people start reporting "the sky is falling the sky is falling". 

    The main thing is they were able to identify "it" (the problem) quickly and (the battery life) is actually working better than it has during any of the 6 previous betas. I want to say exactly what it was but I was reminded of the NDA about 100 times during the process of testing and fixing so... just glad it's fixed and even improved now. I swear I'm getting an extra hour than I was before. I guess that's the obsessing thing they try to avoid. GRIN
    edited August 2016
  • Reply 12 of 22
    kmarei Posts: 77 member
    I'm running an iPhone that hasn't been updated since 2011... iPhone 4 running iOS 7.1.2. Phone runs perfectly fine albeit a bit slow and crashy at times. So you're right. But the difference is that when updates are available, and you refuse to install them, it's likely asking for trouble.
    I'm using an iPhone 5s running iOS 8.4, it's jailbroken
    and just because I'm not updating, that doesn't mean it has security issues
    I've downloaded fixes for most security holes before Apple had addressed them in iOS updates.
    most of those patches are readily available on Cydia.
    never again am I updating a whole number on any Apple iOS device again
    I had a perfectly working iPad 3 running iOS 8
    upgraded to iOS 9, and it totally killed the machine
    I suspected it was my backup, so I reset the entire device
    set it up as new, and turned off all the fancy features
    still sucked. Even launching Safari took ages
    so I have no doubt they add features just to make the older devices obsolete, so people think maybe it's time I buy a new device.
  • Reply 13 of 22
    magman1979 Posts: 1,129 member
    kmarei said:
    I'm running an iPhone that hasn't been updated since 2011... iPhone 4 running iOS 7.1.2. Phone runs perfectly fine albeit a bit slow and crashy at times. So you're right. But the difference is that when updates are available, and you refuse to install them, it's likely asking for trouble.
    I'm using an iPhone 5s running iOS 8.4, it's jailbroken
    and just because I'm not updating, that doesn't mean it has security issues
    I've downloaded fixes for most security holes before Apple had addressed them in iOS updates.
    most of those patches are readily available on Cydia.
    never again am I updating a whole number on any Apple iOS device again
    I had a perfectly working iPad 3 running iOS 8
    upgraded to iOS 9, and it totally killed the machine
    I suspected it was my backup, so I reset the entire device
    set it up as new, and turned off all the fancy features
    still sucked. Even launching Safari took ages
    so I have no doubt they add features just to make the older devices obsolete, so people think maybe it's time I buy a new device.
    Stupid would not even begin to describe your idiotic foolishness... If you read the report about these security vulnerabilities, you'd know that by NOT updating, you may not ever KNOW you've been hacked, and bleeding data left and right.

    Congrats, here's a DUNCE cap for you...
  • Reply 14 of 22
    cnocbui Posts: 3,613 member
    sog35 said:
    cnocbui said:
    sog35 said:

    Go ahead and don't update your phone/computer for a couple of years and tell me what happens.


    I haven't updated one of my phones since about 2011.  What happened is it continued to work and still works today.
    what  type of phone is this? Flip phone? LOL

    A Samsung Wave - it runs Bada OS.  Samsung stopped development of that OS and instead switched to Tizen.
    edited August 2016
  • Reply 15 of 22
    subbies said:
    This is just one reason why it's worth paying more for an Apple device.

    Edit: Misread the comment. Never mind.
    edited August 2016
  • Reply 16 of 22
    elehcdn Posts: 376 member
    cnocbui said:
    sog35 said:
    cnocbui said:
    sog35 said:

    Go ahead and don't update your phone/computer for a couple of years and tell me what happens.


    I haven't updated one of my phones since about 2011.  What happened is it continued to work and still works today.
    what  type of phone is this? Flip phone? LOL

    A Samsung Wave - it runs Bada OS.  Samsung stopped development of that OS and instead switched to Tizen.
    So you are running a phone that is so old that no one would bother to waste their time to hack? I guess that is one solution, but then again, you might as well use a flip phone for all the functionality you are getting.
  • Reply 17 of 22
    elehcdn Posts: 376 member
    razormaid said:
    TurboPGT said:
    I wonder if this patch was in iOS 10 beta 7 and it's why they rushed it out last Friday.
    I guess it's ok to talk about it now... beta 7 was rushed out after I found a serious serious battery issue that caused the battery to drop rapidly. I found it Monday after beta 6, but I thought maybe my charger wasn't working properly so I just dismissed it.
    <snip>

    The main thing is they were able to identify "it" (the problem) quickly and (the battery life) is actually working better than it has during any of the 6 previous betas. I want to say exactly what it was but I was reminded of the NDA about 100 times during the process of testing and fixing so... just glad it's fixed and even improved now. I swear I'm getting an extra hour than I was before. I guess that's the obsessing thing they try to avoid. GRIN
    Wait, the public beta is still at beta 6 ... I have been running for over a week and haven't seen this issue ...
  • Reply 18 of 22
    cnocbui Posts: 3,613 member
    elehcdn said:
    cnocbui said:
    sog35 said:
    cnocbui said:
    sog35 said:

    Go ahead and don't update your phone/computer for a couple of years and tell me what happens.


    I haven't updated one of my phones since about 2011.  What happened is it continued to work and still works today.
    what  type of phone is this? Flip phone? LOL

    A Samsung Wave - it runs Bada OS.  Samsung stopped development of that OS and instead switched to Tizen.
    So you are running a phone that is so old that no one would bother to waste their time to hack? I guess that is one solution, but then again, you might as well use a flip phone for all the functionality you are getting.
    Does that apply to someone still using an iPhone 4?
  • Reply 19 of 22
    knowitall Posts: 1,322 member
    Oops, that makes clear Apple's software is not up to par (any more) and is developed in a very insecure way.
    Maybe Swift is a (the) glimmer of hope in this respect, but so far no signs of a rewrite of the OS and all of its libraries. IOSsec is a long way out, it's more iOSsuck right now.

    Edit: I really do hope Apple steps up to the plate and makes its software really (and provably) secure, if not they will join the ranks of MS and Android and will make switching a real option.
    edited August 2016
  • Reply 20 of 22
    elehcdn said:
    razormaid said:
    TurboPGT said:
    I wonder if this patch was in iOS 10 beta 7 and it's why they rushed it out last Friday.
    I guess it's ok to talk about it now... beta 7 was rushed out after I found a serious serious battery issue that caused the battery to drop rapidly. I found it Monday after beta 6, but I thought maybe my charger wasn't working properly so I just dismissed it.
    <snip>

    The main thing is they were able to identify "it" (the problem) quickly and (the battery life) is actually working better than it has during any of the 6 previous betas. I want to say exactly what it was but I was reminded of the NDA about 100 times during the process of testing and fixing so... just glad it's fixed and even improved now. I swear I'm getting an extra hour than I was before. I guess that's the obsessing thing they try to avoid. GRIN
    Wait, the public beta is still at beta 6 ... I have been running for over a week and haven't seen this issue ...
    It would have been your beta 5 with the battery issue. Your beta 6 was our beta 7 fix. Between 5 and 6 for you was just 4 days. That's why. The public beta is always behind "numberwise" but only because we started first. GRIN

    so your beta 6 is the battery fix 