iOS 9.3.5 Fixes Malware Exploit: Install It, but Backup First!

By | August 26th, 2016

Update your iPhone or iPad

Apple this week posted important an update to iOS 9. Version 9.3.5 is ready for download from Apple’s servers. Experts advise you to upgrade right away, since it closes a malware security vulnerability. It’s good advice, even if the risk is small to most of us. Make sure to back up your iPhone or iPad first, though. Here’s info on what’s going on and how to protect yourself.

First of all, if there’s one takeaway from the story: Don’t click on a link unless you know what’s inside.

A human rights dissident named Ahmed Mansoor received a strange text message on his iPhone encouraging him to click a link. He didn’t. Instead Mansoor reported it to a security research firm. Researchers think that it was a sophisticated effort to take over Mansoor’s iPhone. The code belongs to a company that makes government spyware.

The security group alerted Apple and didn’t publicize the break until after Apple issued the patch.

What is a zero-day exploit?

The original report says that hackers have combined “zero-day” exploits in iOS to remotely jailbreak a targeted iPhone. “Zero-day” is security shorthand for “this problem hadn’t been patched by the software maker when it was found.” (“Jailbreaking” enables software to be installed on the iPhone that Apple doesn’t allow otherwise.)

The folks at Macworld have the skinny on what’s going on here:

When used together, the exploits allow someone to hijack an iOS device and control or monitor it remotely. Hijackers would have access to the device’s camera and microphone, and could capture audio calls even in otherwise end-to-end secured apps like WhatsApp. They could also grab stored images, tracking movements, and retrieve files.

It’s important to understand that according to the security experts who have examined the code, this particular exploit was targeted to be delivered to a specific person. It was only his general awareness and suspicion something was wrong that prevented the software from getting installed.

In other words, this isn’t like a phishing or a botnet scheme, where the goal is to get as many devices infected as possible. Instead, this was an effort by government actors to target a specific individual.

That means that the risk to you that you might be exploited by this particular problem is relatively low, unless you’re in the crosshairs of a government agency (or unless malware programmers figure out another way to exploit this particular threat for other reasons).

Risk, low. So don’t panic. But the threat is still there, which is why Apple’s pushed the 9.3.5 update and is recommending that everyone who’s running iOS 9 install it promptly.

Should I back up before I update?

Yes! Backup before you make any fundamental changes to your device. It’s a good idea to make sure any essential information is stored safely somewhere else.

You can backup your device using iTunes on the Mac or PC. Use the Lightning cable that came with your iOS device and connect it to an open USB port, then open iTunes to backup. You can also use iCloud Backup, Apple’s cloud-based backups service. Here’s a guide to backing up your iPhone or iPad with more details.

In general, we advocate the 3-2-1 Backup Strategy. Always have three copies of your data. One is your local copy (the data on your iPhone or iPad, for example). The second is a local backup (using iTunes on your Mac or PC, for example). The third is a copy stored safely offsite, in case anything happens – the cloud, for example.

iCloud Backup is one option for offsite backup. Backblaze will back up your computer’s iTunes files including that local backup. So if you backup to your computer, then use Backblaze, you’re all set.

How do I update my iPhone or iPad?

Follow these steps to make sure iOS 9.3.5 is installed on your device. First of all, make sure your device is charged and connected to a Wi-Fi network.

  1. Tap the iPhone or iPad’s Home button.
  2. Tap Settings.
  3. Tap General.
  4. Tap Software Update.
  5. The device will check for an update. Your device will automatically restart after it’s done.

How to Update to 9.3.5

What do I do now?

Breathe a sigh of relief now that you have iOS 9.3.5 installed. At least until the next security exploit pops up. Just make sure to backup early and often, to make sure your device and your data is safe.

Editor’s note, 9/1/2016

Mac users are also advised to apply the latest Security Updates to OS X 10.10 “Yosemite” and 10.11 “El Capitan.” Apple on September 1 released updates to those operating systems to patch the same security issue.

Peter Cohen
Peter will never give you up, never let you down, never run around or desert you. He also manages the Backblaze blog.

Follow Peter on:
His web site: peter-cohen.com | Twitter: @flargh | LinkedIn: Peter Cohen | Google+: Peter Cohen
Category:  Backing Up · Mac Love
  • Discpad

    MEMO TO ARAB TERRORISTS: THE JOOS ARE INSIDE YOUR iPHONE!
    Apple boosts iPhone security after Mideast spyware discovery

    A botched attempt to break into the iPhone of an Arab activist using hitherto unknown espionage software has trigged a global upgrade of Apple’s mobile operating system, researchers said Thursday.

    The spyware took advantage of three previously undisclosed weaknesses in Apple’s mobile operating system to take complete control of iPhone devices, according to reports published Thursday by the San Francisco-based Lookout smartphone security company and internet watchdog group Citizen Lab. Both reports fingered the NSO Group, an Israeli company with a reputation for flying under the radar, as the author of the spyware.

    “The threat actor has never been caught before,” said Mike Murray, a researcher with Lookout, describing the program as “the most sophisticated spyware package we have seen in the market.” (more)

    http://hosted.ap.org/dynamic/stories/E/EU_IPHONE_SPYWARE?SITE=AP