Skip to main content

iOS 9.3.5 Stops Attack That Jailbreaks, Hijacks iPhones

iOS 9.3.5 has arrived just in time to save your iPhone from one of the latest nasty spear phishing attacks that would give an attacker complete access to every facet of your phone.

Credit: Citizen Lab

(Image credit: Citizen Lab)

The attack was first spotted on August 10 and 11 by Ahmed Mansoor, an internationally recognized human rights defender based in the United Arab Emirates (UAE), when he received SMS text messages on his iPhone promising "new secrets" about tortured detainees in UAE jails. Mansoor, who's already been attacked by government hackers, didn't click on the included link; instead, he passed those messages to researchers at the Toronto-based Citizen Lab, an interdisciplinary laboratory based out of the Munk School of Global Affairs.

Both Citizen Lab and San Francisco-based Android antivirus firm Lookout published reports on the Mansoor hack, while Apple, in conjunction with those reports, released iOS 9.3.5 to fix the vulnerability that allows the attack. All iOS device owners, even those who are not highly-regarded journalists or otherwise interesting targets, should update to the latest version of iOS immediately. Instructions for doing so are below.

MORE: 7 Easy Ways to Get Your Identity Stolen

The team at Citizen Lab identified the links as a part of an exploit chain it calls Trident, which is connected to the NSO Group, an Israel-based organization owned by the U.S. company Francisco Partners Management that specializes in "cyber war" tools, according to reports. Trident is a part of the NSO Group's Pegasus product, a spyware tool that takes advantage of zero-days, which are flaws only known by the attacker.

Pegasus attacks gather all the information. Credit: Citizen Lab

(Image credit: Pegasus attacks gather all the information. Credit: Citizen Lab)

If Mansoor, or any target of Pegasus-based attacks, tapped on that link, his device would be remotely jailbroken, and filled with spyware software, essentially bugging him. If his enemies didn't create that attack, access to that bug could be sold to them at a high price. Citizen Lab also discovered similar attacks made with NSO's tools by state-sponsored actors against a Mexican journalist reporting on government corruption, as well as targets in Kenya.

How to Update to iOS 9.3.5

To update your device to iOS 9.3.5, open Settings, tap Software Update, tap Download and Install; from there, follow the instructions. This technology may find its way down the pecking order of attackers and wind up in the hands of bored teenagers looking to pwn their neighbors.

Lastly, in case someone tells you this kind of attack is new to iOS, it is not. Malware exploits such as JailbreakMe worked on iPhones up until iOS 4.3, released in 2011.