Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple issues iOS 9.3.5 update, patching serious security issues discovered just 10 days ago

Last updated

Apple on Thursday pushed out yet another important update for its iOS 9 operating system, addressing serious security holes apparently exploited by an Israeli hacking firm, in what could be the final patch ahead of the release of iOS 10.

iOS 9.3.5 is now available through Software Update on compatible devices, and can also be installed through iTunes on a connected Mac or PC. As with the previous release, Apple has characterized the latest build as an "important security update" recommended for all users.

Apple turned around the patch quickly, just 10 days after a pair of security researchers alerted the company to potential flaws in the OS, according to The New York Times. The issues were said to be exploited by an Israeli company called the NSO Group that specializes in tracking the mobile phones of targets.

While it's unclear just how much access the NSO Group had to devices running iOS 9, Thursday's report noted that the group had developed software that could read text messages, emails, calls, contacts and more. Whether the full range of exploits were specific to the iPhone, or if they applied to other smartphone models, is unclear.

"It can even record sounds, collect passwords, and trace the whereabouts of the phone user," the report said.

The security holes were discovered by Bill Marczak and John Scott-Railton.

The launch of iOS 9.3.5 comes a few weeks after iOS 9.3.4 was publicly released. Like that update, iOS 9.3.5 also did not have a beta period for developers or testers.

Apple is set to release its next major platform update, iOS 10, this fall, likely in September. It includes major notification improvements, third-party app support for Siri voice prompts, and upgrades to native apps including Messages, Maps and Photos.

For more on iOS 10, see AppleInsider's ongoing Inside iOS 10 series.



22 Comments

TurboPGT 9 Years · 355 comments

I wonder if this patch was in iOS 10 beta 7 and its why they rushed it out last Friday.

ericthehalfbee 13 Years · 4489 comments

Imagine you're stuck on Android and having to wait god knows how long before you get the fix (that is, IF you get it). Even owners of the S7 or Note 7 are going to have to wait 30 days to get their security updates (until Samsung decides 30 days is too much work and they start slipping release times).

lkrupp 19 Years · 10521 comments

Imagine you're stuck on Android and having to wait god knows how long before you get the fix (that is, IF you get it). Even owners of the S7 or Note 7 are going to have to wait 30 days to get their security updates (until Samsung decides 30 days is too much work and they start slipping release times).

But we never hear of actual, confirmed and verified cases of users’ identity or personal data being compromised in the wild... on either platform. I suppose things could happen with out the user’s knowledge but these security flaws don’t seem to be used by typical criminals. Is it just governments and spy agencies that use this stuff?

thisisasj 9 Years · 64 comments

lkrupp said:
But we never hear of actual, confirmed and verified cases of users’ identity or personal data being compromised in the wild...
Not as such, but I'd be willing to bet money these larger, more public data breaches (think DNC, nearly everything Wikileaks gets, etc) started by hackers accessing unprotected users' mobile devices, lifting credentials from there, then easily penetrating sensitive systems using legitimate access criteria.

singularity 11 Years · 1323 comments

sog35 said:
lkrupp said:
But we never hear of actual, confirmed and verified cases of users’ identity or personal data being compromised in the wild... on either platform. I suppose things could happen with out the user’s knowledge but these security flaws don’t seem to be used by typical criminals. Is it just governments and spy agencies that use this stuff?
I've experienced it when I had an Android phone.

My apps would no longer work because I could not update the software.

Also on my Android tablet I actually lost in app purchases. I bought $5 worth of dots. The tablet crashed and my dots were gone.

That's when I swore I would never own an Android tablet/phone ever again. POS.

So you equate not being able to update apps with the security being compromised and data losses to nefarious people?