Apple Releases iOS 9.3.5 With Fix for Three Critical Vulnerabilities Exploited by Hacking Group

[now i see it]

So much for the blind faith that iMessage is secure. Click a link & you're screwed.

iOS is the new Windows. Just a matter of time till we all have to run A/V software in our phones.

 

[NT1440]

Yeah, looks like they jumped all over it

"Lookout believes "Pegasus" had been in the wild for quite some time before it was discovered, with some evidence dating back to iOS 7."

So one attack surface may have dated back to iOS7....you understand that exploits (and jailbreaking) relies on stringing multiple of these together right?

You post like you don't know anything about software...

 

[C DM]

Yeah, looks like they jumped all over it

"Lookout believes "Pegasus" had been in the wild for quite some time before it was discovered, with some evidence dating back to iOS 7."

So, they shouldn't have fixed the issues?

 

[I7guy]

Hmmm. Really? "pushing forward with more fixes"? What about push forward with a release that doesn't require fixes when released. Isn't this like "a ship with a hole in the bottom, leaking water, and [the] job is to get the ship pointed in the right direction"?

So you think software can be released bug and malware free? Ask Mac o/s, Windows and android if that is possible.

 

[citysnaps]

If I wanted weekly operating system updates I would've gone back to Windows. At least Windows updates aren't 1GB in size. 9.3.4 for my iPad 12.9 Pro was over 1GB in download.

A solution is at hand.

If you're not all that interested in guarding against recent security exploits, just ignore the updates. No one else will mind.

Easy.

Most people will appreciate Apple patching the exploits in just 10 days.

 

[thisisnotmyname]

Yeah, looks like they jumped all over it

"Lookout believes "Pegasus" had been in the wild for quite some time before it was discovered, with some evidence dating back to iOS 7."

It was a zero day and just discovered on August 11. Lovely spin though.

 

[RedOrchestra]

You post like you don't know anything about software...

Looks like Apple leads the way in not knowing anything about software.

 

[imlynxy]

Interesting... 9.3.4 (which I didn't install) was 120MB for ip6+. Now 9.3.5 is only 39.5MB. hmmm

They decided that 9.3.3 was better I also saw it.

 

[C DM]

So much for the blind faith that iMessage is secure. Click a link & you're screwed.

iOS is the new Windows. Just a matter of time till we all have to run A/V software in our phones.

Things are more secure, but nothing is exploit-proof. Reality is reality.

 

[I7guy]

Yeah I look at this as Apple missing things and thankfully fixing them. Not sure if that's a good thing or bad thing that bugs aren't being squashed sooner. iOS 7/8/9 weren't exactly smooth sailing in comparison to previous versions.

iOS 9 was fine. iOS 8 was a disaster, iOS 7 too far back for me to remember although I bought a 5s.

 

[Michael Goff]

So much for the blind faith that iMessage is secure. Click a link & you're screwed.

iOS is the new Windows. Just a matter of time till we all have to run A/V software in our phones.

No, iOS won't get that bad because Apple hasn't fired their QA team.

 

[redheeler]

Well, i like updates, but i hate the forced update notifications and killing the jailbreaking.

I haven't jailbroke, but want the option

I understand why Apple patched the jailbreak, they don't like to have open zero-day exploits compromising the security of iOS. I do wish Apple would give us proper iOS downgrade rights, though...

You'd best stay on 9.3.3 if you want the jailbreak.

 

[RedOrchestra]

If you're not all that interested in guarding against recent security exploits

NO, the exploits have always been there, Apple just found out about them ... but nice try, as always.

 

[thehodges]

Wow. So we complain that Apple is releasing fixes but then if Apple didn't and devices were compromised we'd be complaining that they aren't responsive.

The thing to keep in mind is that people that write malware go after the biggest targets. Which is why MOST of the malware event today is targeting Windows (90% market penetration). And now that iOS has good market penetration especially in the business sector Apple is a big target and so they have to keep our devices up to date with the latest security fixes.

You don't want constant OS security patches? Go tell the guys who are writing all of this malware to stop.

 

[sracer]

Sounds like you weren't on the latest version before that or something else was in play that you didn't get the typical smaller delta update.

I was at 9.3.3 when 9.3.4 was made available. I have given up trying to resist the updates... that red "1" indicator is like the eye of Sauron burning a hole in my soul.

As far as updates, it's somehow better to have known security exploits out there and not get updates for them? People will come up with some "interesting" spin on things it seems.

That's absurd. Who is saying that security exploits shouldn't be fixed?

Apple's OS update model is not designed for weekly updates. If they're going to update iOS frequently, then they need to come up with a less intrusive way to do it.

 

[C DM]

NO, the exploits have always been there, Apple just found out about them ... but nice try, as always.

...and what's strange or new about how that works in the world of software development?

 

[citysnaps]

NO, the exploits have always been there, Apple just found out about them ... but nice try, as always.

The exploits were recently reported. How else would Apple have found out about them?

You're obfuscating what I was saying in my previous post. Nice try. As always.

Again, if you're not interested in the patch, simply don't download it.

 

[sdf]

iOS 9.3.5 is available immediately to all devices running iOS 9 via an over-the-air update.

Not my iPad mini 2, oddly enough, which is currently running iOS 9.3.4. At least not yet.

iOS 9.3.5 is likely to be the last update to the iOS 9 operating system

Oh, I'll put $20 against that.

 

[C DM]

I was at 9.3.3 when 9.3.4 was made available. I have given up trying to resist the updates... that red "1" indicator is like the eye of Sauron burning a hole in my soul.



That's absurd. Who is saying that security exploits shouldn't be fixed?

Apple's OS update model is not designed for weekly updates. If they're going to update iOS frequently, then they need to come up with a less intrusive way to do it.

Around 10 minutes or so of the device updating essentially on its own is somehow intrusive?

 

[Northgrove]

Wow, interesting story behind this update then!

Also reported upon here:
https://motherboard.vice.com/read/g...e-hacking-jailbreak-nso-group?utm_source=mbfb

 

[bbbb4b]

So, why are these devices prone to attack or not secure. Isn't there some kind of underlying problem here?

I have to admit; you really have balls, showing the world how ignorant you are.
I would be too embarrassed.

 

[vlad_djkax]

Well, update complete here, iPhone SE and my old faithful iPad 2. So far, everything's fine.
Tonight, iPod Touch 5th Gen and wife's 5S.

 

[bitslap47]

Amazing how many people click on things when they don't know the sender, or even when they have that gut feeling it's a trap.

Here's an idea. When you get an email or text, and you touch a link, iOS asks if you are sure you know the sender. If you answer no, it yells "Stop resisting!! Stop resisting!!! Taser taser taser!!!" then the phone tases you.

 

[RedOrchestra]

How else would Apple have found out about them?

in-house Quality Assurance, for starters.

 

[sracer]

Around 10 minutes or so of the device updating essentially on its own is somehow intrusive?

I have never had an experience of an iOS update that took only 10 minutes "or so"... unless "or so" means "another 20 minutes".