Apple releases iOS 9.3.5 update, patches important vulnerabilities that would allow iPhone owners to be tracked

Apple has just released the second iOS update in a month. After launching earlier this month iOS 9.3.4 that fixed a specific workaround that would allow an application “to execute arbitrary code with kernel privileges,” the Cupertino-based company is now getting more serious and fixes no less than three vulnerabilities in the latest patch.

Although it might look like a regular maintenance release that should fix some minor bugs and issues, iOS 9.3.5 is actually very important.

Apple has already released an official changelog for this update, but New York Times has more information and reports that “investigators discovered that a company called the NSO Group, an Israeli outfit that sells software that invisibly tracks a target’s mobile phone, was responsible for the intrusions.”

According to the same report, the Israeli company's software could read text messages and emails, as well as track calls and contacts. But that's not all, as the same software can even record sounds, collect passwords and trace the location of the phone user. How about that?

The current iOS 9.3.5 security update is Apple's answer to the vulnerabilities that the Israeli firm exploited, but it only managed to do so 10 days after it's been tipped by two of the researches that found these security holes.

NSO Group prides itself for its spyware, which is said to work like a “ghost,” tracking not only the moves, but also the strokes of the target. Until recently, it was unclear how this group was monitoring its targets, but the bubble burst when it was discovered the Israeli company has been tracking the moves of a human rights activist in the UAE.


After receiving several suspicious messages, the person tracked by NSO Group passed them on to security specialists at Citizen Lab, who determined the fact that they were an attempt to track him via his iPhone.

Citizen Lab and Lookout have dig even deeper and discovered that the tracking was possible through three older iOS vulnerabilities that Apple didn't knew about. This type of vulnerabilities are called “zero days” and they sell for large amounts of money, especially if they're iOS vulnerabilities.

Two of the vulnerabilities discovered are related to the kernel, while the other one to the WebKit, but all three should be fixed by installing the latest iOS update.

Speaking of which, iOS 9.3.5 is now available for download for iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later, so get it as soon as possible.