iOS 9.3.5 Fixes Vulnerabilities Used By Government Agencies to Spy on Various Targets

iOS 9.3.5 Fixes Vulnerabilities Used By Government Agencies to Spy on Various Targets

Posted by · 15992 views · Translate

Apple's release of iOS 9.3.5 today fixes three vulnerabilities used by government agencies to spy on dissidents, journalists, criminals, and other targets.

The New York Times reports that the vulnerabilities were discovered and sold to authorities by the Israeli security company NSO Group.

Investigators discovered that a company called the NSO Group, an Israeli outfit that sells software that invisibly tracks a target’s mobile phone, was responsible for the intrusions. The NSO Group’s software can read text messages and emails and track calls and contacts. It can even record sounds, collect passwords and trace the whereabouts of the phone user.

Zamir Dahbash, an NSO Group spokesman, said in an email, “The company sells only to authorized governmental agencies, and fully complies with strict export control laws and regulations.”

Dahbash also noted that NSO Group does not operate any of its systems and requires that its customers use its products in a “lawful manner.”

“Specifically, the products may only be used for the prevention and investigation of crimes.”

The vulnerabilities were brought to light after UAE human rights activist Ahmed Mansoor received some suspicious text messages. He shared the messages with Citizen Lab who then brought in Lookout to help examine the code. Together they discovered the three previously unknown iOS vulnerabilities and informed Apple about their existence.

Apple fixed the holes 10 days after a tip from Bill Marczak at Citizen Lab and John Scott Railton at Lookout.

“We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits,” said Fred Sainz, an Apple spokesman.

You can download iOS 9.3.5 from here.

Read More

iOS 9.3.5 Fixes Vulnerabilities Used By Government Agencies to Spy on Various Targets

user - August 28, 2016 at 4:31pm
I think the new version contains back doors ... in purpose with Apple permission
clown - August 27, 2016 at 5:50am
Disable java
tar - August 26, 2016 at 10:20pm
what if they are not vulnerabilities, and they are actually back doors, they were just found out by a 3rd party. of course apple would never admit to such a thing, and just to save face, they would condemn such actions and put on some legal show up ;) can you really 100% trust apple to not have done that :p
iPro Service - August 26, 2016 at 11:35pm
They were coming from Israel who is known to spy using iOS vulnerabilities they themselves collect, purchase, and research. So extremely unlikely Apple is wilfully providing these "back doors".
daf - August 26, 2016 at 4:10pm
important enough to lose JB. updated straight away
14 More Comments