Apple today released iOS version 9.3.5, which contains patches for security vulnerabilities that exist in earlier versions of Apple’s mobile operating system. Today’s update follow the release of iOS 9.3.4 earlier this month.
Mobile security startup Lookout says it discovered the vulnerabilities in association with the University of Toronto’s Citizen Lab and have collaborated with Apple to fix them. Lookout encourages people to install today’s update to prevent attacks from what the company calls Trident.
“The attack sequence, boiled down, is a classic phishing scheme: send text message, open web browser, load page, exploit vulnerabilities, install persistent software to gather information,” Lookout and Citizen Lab said in a blog post. “This, however, happens invisibly and silently, such that victims do not know they’ve been compromised.”
Trident is part of a piece of malware named Pegasus from a company called NSO, and the United Arab Emirates appears to have tried to use Pegasus to attack the iPhone of human rights activist Ahmed Mansoor, who is based in the Emirates, the organizations said. Also Citizen Lab believes “state-sponsored actors” attacked a Mexican journalist with the NSO software.
Apple’s rundown of today’s iOS 9 update is here.
Apple plans to roll out iOS 10 this fall.