iOS 9.3.5 update patches three major security vulnerabilities

Aug 25, 2016

The just-released iOS 9.3.5 update patches three major security vulnerabilities, reports The New York Times. Apple was alerted to the flaws just 10 days ago by security researchers Bill Marczak and John Scott-Railton, and is urging users to update.

Investigators discovered that Israel-based digital arms dealer NSO Group was using the exploits in software it sells that can track smartphones. The program can read texts and emails, track calls and location, and record sounds and passwords.

In interviews and manuals, the NSO Group’s executives have long boasted that their spyware worked like a “ghost,” tracking the moves and keystrokes of its targets, without leaving a trace. But until this month, it was not clear how exactly the group was monitoring its targets, or who exactly it was monitoring.

A clearer picture began to emerge on Aug. 10, when Ahmed Mansoor, a prominent human rights activist in the United Arab Emirates, who has been tracked by surveillance software several times, began receiving suspicious text messages. The messages purported to contain information about the torture of U.A.E. citizens.

In the release notes for iOS 9.3.5, Apple identifies the vulnerabilities as two kernel bugs, one that allows an application to execute arbitrary code with kernel privileges and one that allows it to disclose kernel memory, and a WebKit bug involving arbitrary code execution.

As we said earlier, those running on jailbroken devices should avoid updating to iOS 9.3.5.

Source: NYT

  • Wilber Alexander Flores

    Still not worth giving up my jailbreak for 🙂

    • still not worth posting two articles lol

      • Wilber Alexander Flores

        Gotta have that daily traffic income though

      • Melvco

        there’s a more in-depth post on Motherboard entitled “Government Hackers Caught Using Unprecedented iPhone Spy Tool.” I’d say this is a pretty big story.

      • Wilber Alexander Flores


      • Just saying all this info could have been in the single article.. Like a two for one special on a Thursday lol, No biggie..

    • Wait, you’re okay with remote code executing on your device or your device being attacked via a web browser just by visiting a website?

      This is bad, very bad. Jailbroken or not everyone should be updating unless your device is always in aeroplane mode and never connected to the Internet in which case you’re probably alright. I say probably because aeroplane mode is in itself a software switch, just because your phone says you’re in aeroplane mode doesn’t mean you actually are.

      • Wilber Alexander Flores

        Lol don’t worry iOS 10 coming soon I’m just trying to make the best of my jailbreak till I update

      • Wilber Alexander Flores

        Also you’ve lasted this long without knowing. it won’t hurt u pretending u don’t know it 🙂

      • Also you’ve lasted this long without knowing

        So have attackers. Now that the vulnerabilities have been disclosed you can expect an increase in attacks.

      • techfreak23

        You seem to be forgetting that the jailbreak community will usually come out with tweaks that patch the problem… Not entirely sure if said tweaks would be able to patch kernel exploits as well

      • Not entirely sure if said tweaks would be able to patch kernel exploits as well

        Pretty sure patching the kernel requires a firmware update, although I could be wrong. It might be possible for a tweak to patch the webkit vulnerabilities though. If you care about security though it’s easier and safer to just upgrade.

      • Rolf Bause

        But at least the thing that was supposed to attack this guy deletes all other found JBs and Cydia. And that I would notice immediately 😉

  • Bugs Bunnay

    Looks like someone hit the jackpot with this exploit. Made the current jailbreak a JOKE.

  • Waldemar Sinicki


  • John Smith

    What cracks me up is the same people who make a huge noise about privacy are the same ones defending the jailbreak on a highly exploitable software version.

    • Rolf Bause

      Honestly, what difference does it make at this point, really? Vulnerabilities that we just don’t know about atm will still be there. I bet Lucas JB still works lol. All the major security agencies will have 0day exploits of their own. A completely safe system is an illusion anyway.

  • Jeremiah

    What if we are running a beta?

    • Sleaka J

      The latest Developer and Public beta versions of iOS10 are patched.

  • Bill

    Of COURSE it was israelis. Color me surprised. SMDH.

  • JulianZH

    im still looking for a reason to jailbreak…

    • Gerald Qato

      Well. U can get apps and in-app purchases for free. Super cool tweaks that make ur phone look and control better . Also can do things like run apps that are downloading stuff in the background or your phone sleeping . I’m pretty sure u know about the themes. And the keyboard im writing rn looks amazing . Anyway u will have ifile where u can extract files without needing a pc and download & send attachments like pdfs without needing dropbox. There’s a lot more stuff but i dont have the time .

    • mickey

      Too many to list. But maybe not for your usage. Is there a reason you are here?

  • anonymous

    Anyone else getting these stupid messages from coach and Michael kors online bs stores

    • Gerald Qato

      I’m sure everyone is getting it

  • Leslie B

    Oh no! The software in my computer isn’t perfect. There are bugs and vulnerabilities in it. Oh no! Run for the hills!!!

    Meanwhile, people are freely spilling their guts on Facebook without a care in the world.

    Any expert will tell you the biggest risks to security aren’t little technical holes here and there. The biggest risks are stupid people doing stupid things right out in the open.

    • Hosam Tawfik

      totally agree!

  • I updated to iOS 10 public beta 7 and I don’t regret losing my jailbreak.