iOS 9.3.5 Fixes Massive Security Flaw: What IT Needs To Know

...

Join us for this enlightening webinar where you'll get insight into what to consider when building

An active threat using critical iOS zero-day vulnerabilities, which were dubbed "Trident," could allow hackers to install spyware on iPhones. IT managers should ensure employee devices are updated as soon as possible.

Stop. Drop what you're doing and update your iPhone. A new security hole found by researchers is critically dangerous. The vulnerability could lead to remote code execution, allowing hackers to completely take over an iPhone remotely. Apple has already issued a patch via iOS 9.3.5 and recommends everyone update immediately.

IT managers need to get the word out to employees right away or even remotely push the update. Here's why.

Ahmed Mansoor, a United Arab Emirates-based human rights activist, recently received a suspicious text message. The message asked him to click on an embedded link. Rather than click, Mansoor smartly forwarded the message to security researchers at the University of Toronto.

Citizen Lab at the University of Toronto partnered with Lookout to explore what might have happened had Mansoor clicked the link. It's a good thing Mansoor listened to his gut. The researchers found that the link would have force-installed a program through three previously unknown vulnerabilities in iOS. The app could have then taken over the phone and allowed the attackers to do what they wished.

The spyware, called Pegasus, is the most advanced attack Citizen Lab says it has seen, "because it takes advantage of how integrated mobile devices are in our lives and the combination of features only available on mobile -- always connected (WiFi, 3G/4G), voice communications, camera, email, messaging, GPS, passwords, and contact lists," explained Citizen Lab in a blog post.

"It is modular to allow for customization and uses strong encryption to evade detection. Lookout's analysis determined that the malware exploits three zero-day vulnerabilities, [called] Trident, in Apple iOS."

[See Mobile Messaging Apps: 8 Tips for Keeping Your Workplace Secure.]

The researchers contacted Apple earlier this month and the company moved to plug the security holes very quickly.

iOS 9.3.5 covers an information leak at the kernel level, a kernel memory corruption that can lead to jailbreak, and a memory corruption in WebKit that leaves Safari open to attack. These would allow hackers to jailbreak an iPhone remotely and install surveillance software that could spy undetected.

Businesses, especially those that have mobile devices in the field, need to protect against this vulnerability as quickly as possible.

iOS 9.3.5 can be downloaded over the air directly from Apple.

Categories
APPLICATIONS
0 Comment

Leave a Reply

Captcha image


RELATED BY

  • 5300c769af79e

    Netflix's FAST Speed Test Website is Now an Android App

    If you aren’t hip on all of the different speed test sites out there, all you need to know about FAST is how barebones it is.Once you boot it up, it simply runs and checks to see how fast your current speed is.
  • 5300c769af79e

    Design Your Own Google Nexus Phone Case

    Choose between two variations: Photos Live Case lets you pick and print any photo (be sure to capture your cat's best side), while Places Live Case uses Google Maps to design a stylized version of your favorite location.As an added bonus, they come with companion live wallpaper on your phone's homescreen when you download the Live Case app.
  • 5300c769af79e

    Apple CareKit Launches With 4 Healthcare Apps

    There is a renewed focus on risk data aggregation and reporting (RDAR) solutions, as financial ins Apple CareKit technology is now available to developers through GitHub, and to consumers through four updated applications -- Iodine, One Drop, Glow Nurture, and Glow Baby -- from startups Apple spent the last month working with.In March, Apple introduced CareKit, its third open-source medical framework, and starting April 28 the first applications benefitting from CareKit are available.
  • 5300c769af79e

    New Report Adds to the LG G6 Specs List

    We are a solid month away from the LG G6 unveiling at MWC, and as we inch closer, you will begin to be presented with what should be a complete picture of what the G6 is shaping up to be.According to a report from CNET, LG’s big push is to make the G6 available ahead of Samsung’s Galaxy S8.