Though it’s been just a few weeks since iOS 9.3.4 was publicly released, Apple users are being urged to quickly take advantage of the launch of iOS 9.3.5 in light of a new security hole discovered in previous versions of its operating system.
If your organization has not yet upgraded devices through your help desk or security communications, please advise your Apple users to accept the update notification for iOS 9.3.5 immediately to help secure their devices. This applies to all iPhones, iPads and iPods/Touch devices. A new vulnerability recently apparently exploited by an Israeli hacking firm could lead to remote code execution, allowing hackers to completely take over a device that has not yet received the patch remotely.
Apple turned around the patch quickly, just 10 days after security researchers Bill Marczak and John Scott-Railton alerted the company to potential flaws in the OS. The issues were said to be exploited by an Israeli company called the NSO Group that specializes in tracking the mobile phones of targets.
While it’s unclear just how much access the NSO Group had to devices running iOS 9, a report from The New York Times noted that the group had developed software that could read text messages, emails, calls, contacts and more. Whether the full range of exploits were specific to the iPhone, or if they applied to other smartphone models, is unclear.
“It can even record sounds, collect passwords, and trace the whereabouts of the phone user,” the report said.
Due to the urgency of its development, iOS 9.3.5 also did not have a beta period for developers or testers. It is reported to come as the last patch before Apple is set to release its next major platform update, iOS 10, this fall. Speculations around the platform include major notification improvements, third-party app support for Siri voice prompts, and upgrades to native apps including Messages, Maps and Photos.
For information on the security content of Apple software updates, please visit this website.