Three undiscovered iOS vulnerabilities leave iPhone users scampering to update their devices.
What do mobile software companies, hackers, and spy agencies have in common? They look for vulnerabilities in mobile operating systems.
Granted, their reasons are different. Companies like Apple want to find bugs so they can make their products secure, hackers want to find bugs so they can sell them to the highest bidder, and agencies like the FBI want to find bugs so they can retrieve information and evidence.
This weekend, iPhone, iPad and iPod Touch users around the world were updating iOS after serious spyware related to three unknown vulnerabilities was discovered. If for some reason you did not hear the news, then stop what you're doing now and immediately update your device.
To update, go to Settings > General > Software update. That should update you to iOS 9.3.5.
You can read the details of how three vulnerabilities were discovered on various websites, but the main points are:
Apple responded quickly and released the iOS 9.3.5 patch to block the Trident exploit chain.
iPhone users, you will have to depend on Apple to keep you safe. Admittedly, they have had a very good track record, but they are not flawless – chinks are appearing in the armor.
Do not click on unknown links. Whether a link comes to you in an SMS message as in this incident, or it's a phishing attack via your email, or a strange popup when visiting a website, avoid clicking any link that you don't know is safe.
Keep the operating system and software up-to-date. The most effective way to protect your devices from spyware, viruses, and any other sort of malware is to always make sure everything is patched and updated. But in Mansoor’s case, having an up-to-date iOS wasn't enough, because this was an unknown, or so-called zero-day, vulnerability. Thankfully, once Apple was aware of Trident, they were extremely quick to issue a patch. Because their ecosystem is very controlled, the patch was available immediately to all who needed it.
“For sure there are other vulnerabilities we don't know about yet,” said Avast mobile security researcher Filip Chytrý. “Apple has a more closed ecosystem, so for them it is easier to maintain any urgent update, but when a bug is discovered on Android, the issue might end up unresolved on many devices.”
In other words, the open ecosystem of Android devices means that critical software updates are slow to be pushed out leaving users exposed to malware or hackers. You can add security software like Avast Mobile Security to help protect your device.
The Cybersecurity Tech Accord and Economist Intelligence Unit report measures the beliefs of IT security leaders and experts regarding threats posed by state-led and sponsored threat actors.
MyData Global is a non-profit organization built to empower individuals by improving their rights regarding personal data. Read up on their current efforts to enable secure data sharing.