Serious security vulnerability that left iPhones open to hackers is patched in iOS 9.3.5


Security researchers have unearthed three serious security flaws in iOS that made it possible to install spyware and other malware on iPhones. Software exploiting the vulnerabilities (described as "one of the most sophisticated pieces of cyberespionage software we've ever seen") can be installed with a single click, opening up victims' devices to full-scale surveillance.

The security holes have already been abused by NSO Group -- linked with selling hacking and surveillance software to governments -- but Apple has now issued a fix in the form of iOS 9.3.5. The update fixed two kernel vulnerabilities and one in WebKit, all discovered by Citizen Lab and Lookout.

The problem was discovered when human rights lawyer Ahmed Mansoor received suspicious text messages, became concerned, and alerted security groups. In a socially engineered message, Mansoor was invited to click a link to learn about torture being carried out in the Middle East. Citizen Lab says that his phone would have been jailbroken and compromised if he had gone ahead and clicked the link.

While the problem was discovered back in the middle of August, the companies held off on disclosing it until Apple had been informed and was able to address the issue. Apple has now issued iOS 9.3.5, which has the following changelog:

iOS 9.3.5

Released August 25, 2016

Kernel

Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later

Impact: An application may be able to disclose kernel memory

Description: A validation issue was addressed through improved input sanitization.

CVE-2016-4655: Citizen Lab and Lookout

Kernel

Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed through improved memory handling.

CVE-2016-4656: Citizen Lab and Lookout

WebKit

Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later

Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

Description: A memory corruption issue was addressed through improved memory handling.

CVE-2016-4657: Citizen Lab and Lookout

Check for updates now, and get installing.

Photo Credit: Attila Fodemesi/Shutterstock.com

© 1998-2018 BetaNews, Inc. All Rights Reserved.