Apple Releases iOS 9.3.5 With Fix for Three Critical Vulnerabilities Exploited by Hacking Group

[chrfr]

Interestingly, I have an old iPad 2 with iOS 9.3.3. There hasn't been any more updates for it since 9.3.3.

The 9.3.5 update applies to the iPad 2. Does yours just not show updates anymore?

 

[appledefenceforce]

Damn if they do and damn if the don't.

 

[ben.boyd437]

No security for iOS 7 iphone4 which is still in wide use as a corporate email device.

 

[MNLondon]

And now I can't sign into the App or iTunes stores!!!!! (after diligently updating)

Bugger!

It's all fine on Mac and Apple TV.

 

[sudo1996]

WHAT!?!?!? Never had to do any of that for an update. Maybe explain further how and what you do to update iOS. Should tap the software update button and wait it out for a few min and BAM done.

Yeah, that's what I do. I thought everyone had the same process. If it's really just one step like you describe, either you have a simpler setup, or I'm just really unlucky. Might have to do with me having set a complex passcode instead of the default 6 digits.

 

[OldSchoolMacGuy]

No security for iOS 7 iphone4 which is still in wide use as a corporate email device.

At some point they have to cut the cord. Can't keep investing resources in a product that old.

There are still companies that are using Windows 98 and even 95 machines. Doesn't mean that Microsoft should waste money supporting them at this point.

 

[sudo1996]

What I'd personally like is if Apple provided a "Install security updates automatically" option for security-only iOS updates. It can then be installed when the user is not using the phone (e.g. at night or something). This would save people from having to update their phone and waiting for it to be installed. Kind of like how they have that option in macOS as well.

Yes, I've always wanted to sudo apt-get upgrade stuff since the Bash bug.

 

[sbailey4]

Yeah, that's what I do. I thought everyone had the same process. If it's really just one step like you describe, either you have a simpler setup, or I'm just really unlucky. Might have to do with me having set a complex passcode instead of the default 6 digits.

yeah i dunno. Is every update that way for you? Have you tried updating via iTunes? What happens then? Cant imagine the password would have anything to do with it. Do you have corporate profiles installed?
[doublepost=1472178823][/doublepost]

No security for iOS 7 iphone4 which is still in wide use as a corporate email device.

That setup will have more vulnerabilities than just these latest 3. Sorry but that's the reality.

 

[Amazing Iceman]

The 9.3.5 update applies to the iPad 2. Does yours just not show updates anymore?

Not just that iPad 2 but an iPad 3 as well. But the later one updated
up to 9.3.4.

I'll try again later, in case it wasn't ready when I tried to install it. Otherwise, my next choice would be to connect these to iTunes.

 

[Abazigal]

only on MR, now an apple site infested by people who hate apple. sad.

The irony was that I came here precisely to escape from other hate-infested sites such as Cnet and Engadget.

Looks like we will have to just dig in our heels and fight back.

 

[Abazigal]

You don't think that is possible, silent updates for security patches?
Not deflecting, just using your perspective and poll suggestion.

I think it's not so much that silent updates is possible, but that it is undesirable.

You are taking about an operating system which asks the user for permission each time it wants to access something. Apple is being extremely upfront and transparent with what your device is up to at any one time. I think most people would want to be in control of what happens to their phone, and It's just easier to Apple to seek their consent first.

I honestly don't think people really like waking up to find their devices have been silently patched overnight.

 

[sudo1996]

yeah i dunno. Is every update that way for you? Have you tried updating via iTunes? What happens then? Cant imagine the password would have anything to do with it. Do you have corporate profiles installed?

It always happens. Not sure about the profiles. I use it for development, so maybe, but I don't see any in my settings. And yes, I update through iTunes since I never have enough space to update in-place. Either way, I'm not too concerned about it... Like I said, I don't update anymore or really use my phone for anything except dev.

 

[Shirasaki]

Security is an illusion. What you don't know is not knowledge. If you don't know about such vulnerabilities, you may think you are safe

Thus, this is an endless battle. But we can train ourselves to be vigilant than usual. "Expect treachery at every step".

 

[MrChurchyard]

I wonder whether the people being all negative about Apple’s software quality have read and understood the part that these kinds of bugs are so rare that governments and other actors pay a million dollars for each of them, and that Apple reacted “immediately” (quoting the security researchers that discovered the vulnerabilities here).

If you run iOS on the latest version, you are running the most secure consumer OS out there; and getting on the latest version is easy, compared to Android.

If you want to educate yourself, here’s a link to Apple’s iOS security whitepaper, that details their pretty damn impressive security architecture. And every release improves even further on that, if you checked out Apple’s head of security engineering’s talk at Black Hat conference that MacRumors covered a while back.

 

[Shirasaki]

You have to disable Find My iPhone to update the re-enable it after, and you're logged out of iCloud then back in. When you log in again, it asks for all your iCloud settings and performs some kind of setup. It's happened to me on different phones every time, so I don't think it's a glitch. But during this post-update iCloud setup, I've had glitches ruin things for me.

If you do a restore to update then yes. But if you just do OTA then no need to re-setup the iCloud most of the time.

 

[Steve121178]

Wow! Wasn't expecting this!

Why not? It's about time Apple took fixing broken code, bugs & vulnerabilities seriously.

 

[Roadstar]

Just curious, will they continue to patch iOS 9 for the devices that can't update to iOS 10 kind of like Microsoft still patches older versions of windows?

Unfortunately that's quite unlikely. My old iPhone 4 was left with a largish vulnerability in Safari that they fixed to iOS 8 only (and the phone was stuck on iOS 7). I could've used an alternative browser, but as you can't set that as default, the vulnerable Safari would still pop up every now and then.

 

[ericlmercer]

Just curious: how to know if your iPhone was affected?
How you can "cure" this kind of malware?
Does system update, apart from fixing holes, removes malware?

https://techcrunch.com/2016/08/25/apple-zero-days-hacking/

"For now, Lookout is making it possible for iOS users to check if their devices were compromised. Users can download Lookout’s app, which is already installed on over 100 million phones, and scan their device for the NSO Group’s code. Murray encouraged journalists and others who believe they may be government targets to check their devices and call Lookout if they detect Trident."

Lookout App on AppStore: https://appsto.re/us/zr_6z.i

 

[Abazigal]

Why not? It's about time Apple took fixing broken code, bugs & vulnerabilities seriously.

What makes you think Apple wasn't serious before?

 

[Steve121178]

What makes you think Apple wasn't serious before?

Because they took months to fix issues, some issues went without a fix.

http://www.forbes.com/sites/benkepe...mmune-and-fixing-takes-too-long/#1356b4dd13b6

http://krebsonsecurity.com/2011/11/apple-took-3-years-to-fix-finfisher-trojan-hole/

http://www.cnet.com/uk/news/apples-culture-of-secrecy-delays-security-response-again/

http://wccftech.com/apple-failed-to-fix-rootpipe-os-x-vulnerability/

https://www.daniweb.com/hardware-an...take-so-long-to-fix-darwin-nuke-vulnerability

Articles like these go back years. Apple is/was very lackadaisical when it comes to fixing issues & vulnerabilities.

 

[JamesPDX]

Patching is important. Using incorrectly configured or outdated browsers is as bad as a security hole. https://www.howsmyssl.com/

 

[Shirasaki]

Well I think a fresh restart keeps my devices running smooth and purdy. But what do I know, I used to use Windows. Restart that five or six times a night.

I use Windows. I restart once per month. My Mac also restarts at most once per week.

 

[Adithya007]

Does the 6 Plus home screen feel any snappier now?

*cries in the corner for a bug that was never ever fixed*

 

[itsmeaustend]

Oh no. I just read what this update is about. I wonder if I can get these patches while jailbroken on 9.3.3.

Pretty sure I can.

LOL!
Not going to happen. Ever. it patches your tethered jailbreak by nature and therefore can't be ported.

 

[Shirasaki]

Please stop boring me. Users shouldn't need to know about their devices being patched for security updates by Apple., other updates yes.

Why security updates are so "special" that a user should NOT know when it is being patched?

Now poll, regular or otherwise users and ask them how many of them would like security updates done with or without notice of the patching. Why do they need to be disrupted and notified with security updates. Just do it, and do it silently, Apple.

How you can get user feedback if your survey don't interact with user?
This is beyond me.