Reprinted from TidBITS by permission; reuse governed by Creative Commons
license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary
on Apple and Internet topics. For free email subscriptions and access to the
entire TidBITS archive, visit http://www.tidbits.com/


   iOS 9.3.5 Blocks Remote Jailbreak

   Josh Centers

   Less than a month after the release of iOS 9.3.4 (see '[1]Apple
   Releases iOS 9.3.4 with a Single Security Fix,' 4 August 2016) Apple
   has released iOS 9.3.5 with yet another solo, unspecified security fix.

   [2]Image

   The [3]New York Times reports that this rapid release comes in response
   to what appears to be a government attempt to compromise the iPhone of
   Ahmed Mansoor, a prominent human rights activist based in the United
   Arab Emirates. Two weeks ago, he reported several suspicious SMS text
   messages to researchers at the digital rights watchdog group Citizen
   Lab. With assistance from the research team at Lookout Security,
   Citizen Lab was able to identify the texts as coming from an exploit
   infrastructure created by NSO Group, an Israel-based 'cyber-war'
   company that makes phone surveillance software. The chain of exploits
   would have led to a remote jailbreak enabling the attacker ' likely the
   UAE government ' to install sophisticated spyware on Mansoor's iPhone.
   Citizen Lab reported these vulnerabilities to Apple, which promptly
   fixed them in iOS 9.3.5; [4]Citizen Lab's report makes for fascinating
   reading ' it's a real-world thriller.

   It's highly unlikely that most people would be targeted by NSO Group's
   exploit chain, given that it undoubtedly sells for big bucks. However,
   now that the vulnerabilities on which it relies have been blocked by
   iOS 9.3.5, it's easy to imagine the price dropping significantly,
   enabling garden-variety miscreants to afford to buy and use it.

   Since the result could be your iPhone being used to track your
   movements, record audio and video from your surroundings, snoop on
   messages in chat apps, and more, we recommend that you install iOS
   9.3.5 as soon as possible. It's a roughly 38 MB download, and you can
   update via Settings > General > Software Update or through iTunes.

References

   1. http://tidbits.com/article/16668
   2. http://tidbits.com/resources/2016-08/iOS-935.png
   3. http://www.nytimes.com/2016/08/26/technology/apple-software-vulnerability-ios-patch.html
   4. https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/

.