iOS 9.3.5 Fixes Massive Security Flaw: What IT Needs To Know

An active threat using critical iOS zero-day vulnerabilities, which were dubbed "Trident," could allow hackers to install spyware on iPhones. IT managers should ensure employee devices are updated as soon as possible.

Stop. Drop what you're doing and update your iPhone. A new security hole found by researchers is critically dangerous. The vulnerability could lead to remote code execution, allowing hackers to take over an iPhone completely. Apple has already issued a patch via iOS 9.3.5 and recommends everyone update immediately.

IT managers need to get the word out to employees right away or even remotely push the update. Here's why.

Ahmed Mansoor, a United Arab Emirates-based human rights activist, recently received a suspicious text message. The message asked him to click on an embedded link. Rather than click, Mansoor smartly forwarded the message to security researchers at the University of Toronto.

Citizen Lab at the University of Toronto partnered with Lookout to explore what might have happened had Mansoor clicked the link. It's a good thing Mansoor listened to his gut. The researchers found that the link would have force-installed a program through three previously unknown vulnerabilities in iOS. The app could have then taken over the phone and allowed the attackers to do what they wished.

The spyware, called Pegasus, is the most advanced attack Citizen Lab says it has seen, "because it takes advantage of how integrated mobile devices are in our lives and the combination of features only available on mobile -- always connected (WiFi, 3G/4G), voice communications, camera, email, messaging, GPS, passwords, and contact lists," explained Citizen Lab in a blog post.

"It is modular to allow for customization and uses strong encryption to evade detection. Lookout's analysis determined that the malware exploits three zero-day vulnerabilities, [called] Trident, in Apple iOS."

The researchers contacted Apple earlier this month and the company moved to plug the security holes very quickly.

iOS 9.3.5 patches an information leak at the kernel level, a kernel memory corruption that can lead to jailbreak, and a memory corruption in WebKit that leaves Safari open to attack. These would allow hackers to jailbreak an iPhone remotely and install surveillance software that could spy undetected.

Businesses, especially those that have mobile devices in the field, need to protect against this vulnerability as quickly as possible.

iOS 9.3.5 can be downloaded over the air directly from Apple.
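
For IT teams that need to find which devices still require the update, the following is an added example, not part of the original article: a short Python audit of a device inventory export that flags iOS devices below 9.3.5. The CSV layout, column names and device records are assumptions constructed for illustration; adapt them to whatever your MDM actually exports.

```python
import csv
import io

PATCHED = (9, 3, 5)  # iOS release carrying the Trident fixes, per the article

# Constructed sample of an MDM inventory export; column names are assumptions.
SAMPLE_INVENTORY = """device_id,owner,platform,os_version
D-001,alice,iOS,9.3.5
D-002,bob,iOS,9.3.4
D-003,carol,iOS,10.0
D-004,dave,Android,6.0.1
D-005,erin,iOS,9.3
D-006,frank,iOS,
D-007,grace,iOS,9.3.10
"""

def parse_version(text):
    """Turn '9.3.4' into (9, 3, 4); pad short versions so '9.3' == (9, 3, 0)."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def audit(inventory_csv, minimum=PATCHED):
    """Return (needs_update, unknown) lists of device ids for iOS devices."""
    needs_update, unknown = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["platform"].strip().lower() != "ios":
            continue  # the 9.3.5 patch only concerns iOS devices
        try:
            version = parse_version(row.get("os_version") or "")
        except ValueError:
            unknown.append(row["device_id"])  # missing or malformed: verify by hand
            continue
        # Compare numerically: as strings, "9.3.10" and "10.0" would sort below "9.3.5".
        if version < minimum:
            needs_update.append(row["device_id"])
    return needs_update, unknown

if __name__ == "__main__":
    outdated, unverified = audit(SAMPLE_INVENTORY)
    print("Needs iOS 9.3.5 or later:", outdated)
    print("Version unknown, check manually:", unverified)
```

Devices that report no version are listed separately rather than treated as compliant, since an unreported version cannot be assumed to be patched.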
