iOS 9.3.5 Fixes Malware Exploit: Install It, but Back Up First!

Update your iPhone or iPad

This week, Apple posted an important update to iOS 9. Version 9.3.5 is ready for download from Apple’s servers. Experts advise you to upgrade right away, since it closes a malware security vulnerability. It’s good advice, even if the risk is small to most of us. Make sure to back up your iPhone or iPad first, though. Here’s info on what’s going on and how to protect yourself.

First of all, if there’s one takeaway from the story: Don’t click on a link unless you know what’s inside.

A human rights dissident named Ahmed Mansoor received a strange text message on his iPhone encouraging him to click a link. He didn’t. Instead Mansoor reported it to a security research firm. Researchers think that it was a sophisticated effort to take over Mansoor’s iPhone. The code belongs to a company that makes government spyware.

The security group alerted Apple and didn’t publicize the break until after Apple issued the patch.

What Is a Zero-day Exploit?

The original report says that hackers have combined “zero-day” exploits in iOS to remotely jailbreak a targeted iPhone. “Zero-day” is security shorthand for “this problem hadn’t been patched by the software maker when it was found.” (“Jailbreaking” enables software to be installed on the iPhone that Apple doesn’t allow otherwise.)

The folks at Macworld have the skinny on what’s going on here:

When used together, the exploits allow someone to hijack an iOS device and control or monitor it remotely. Hijackers would have access to the device’s camera and microphone, and could capture audio calls even in otherwise end-to-end secured apps like WhatsApp. They could also grab stored images, tracking movements, and retrieve files.

It’s important to understand that according to the security experts who have examined the code, this particular exploit was targeted to be delivered to a specific person. It was only his general awareness and suspicion something was wrong that prevented the software from getting installed.

In other words, this isn’t like a phishing or a botnet scheme, where the goal is to get as many devices infected as possible. Instead, this was an effort by government actors to target a specific individual.

That means that the risk to you that you might be exploited by this particular problem is relatively low, unless you’re in the crosshairs of a government agency (or unless malware programmers figure out another way to exploit this particular threat for other reasons).

Risk, low. So don’t panic. But the threat is still there, which is why Apple’s pushed the 9.3.5 update and is recommending that everyone who’s running iOS 9 install it promptly.

Should I Back Up Before I Update?

Yes! Back up before you make any fundamental changes to your device. It’s a good idea to make sure any essential information is stored safely somewhere else.

You can back up your device using iTunes on the Mac or PC. Use the Lightning cable that came with your iOS device, connect it to an open USB port, then open iTunes to backup. You can also use iCloud Backup, Apple’s cloud-based backups service. Here’s a guide to backing up your iPhone or iPad with more details.

In general, we advocate the 3-2-1 backup strategy. Always have three copies of your data. One is your local copy (the data on your iPhone or iPad, for example). The second is a local backup (using iTunes on your Mac or PC, for example). The third is a copy stored safely off-site, in case anything happens—the cloud, for example.

iCloud Backup is one option for off-site backup. Backblaze will back up your computer’s iTunes files including that local backup. So if you back up to your computer, then use Backblaze, you’re all set.

How Do I Update my iPhone or iPad?

Follow these steps to make sure iOS 9.3.5 is installed on your device. First of all, make sure your device is charged and connected to a Wi-Fi network.

  1. Tap the iPhone or iPad’s Home button.
  2. Tap Settings.
  3. Tap General.
  4. Tap Software Update.
  5. The device will check for an update. Your device will automatically restart after it’s done.

How to Update to 9.3.5

What Do I Do Now?

Breathe a sigh of relief now that you have iOS 9.3.5 installed. At least until the next security exploit pops up. Just make sure to back up early and often, to make sure your device and your data is safe.

Editor’s note, 9/1/2016:

Mac users are also advised to apply the latest Security Updates to OS X 10.10 Yosemite and 10.11 El Capitan. On September 1, Apple released updates to those operating systems to patch the same security issue.


About Peter Cohen

Peter will never give you up, never let you down, never run around or desert you. Follow Peter on his web site: | Twitter: @flargh | LinkedIn: Peter Cohen