Apple launches iOS 9.3.5; fixes zero-day vulnerabilities

This week Apple Inc. launched a new update for its users and advised them to update their Apple devices immediately. The new version of iOS fixes some highly critical security vulnerabilities that can directly affect users’ privacy.

Security researchers said that a bungled attempt by an anonymous hacker to breach iPhone security, using hitherto mysterious cyberespionage software, has forced Apple to upgrade its operating system.

The spyware allows the attacker to take complete control of an iOS 9.4 device by exploiting a critical security flaw. According to security researchers, the vulnerabilities aren’t widely used, but they were effective in targeting individuals.

The vulnerability was first examined by Citizen Lab researchers. According to Bill Marczak, the vulnerability report’s author: “What we have seen from looking at these exploits is that it seems that they have been in the wild a bit longer than the 9.3.3/9.3.4 timeframe.”

Apple Inc. has released an official statement after fixing this highly critical security flaw.

In a statement, the company’s spokesperson said: “We were made aware of this vulnerability and immediately fixed it with iOS 9.3.5. We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits.”

U.A.E. resident Mansoor was the one who reported to Citizen Lab researchers that he had received a dubious message on his iPhone 6. The message contained links and some text regarding the violation of human rights in U.A.E. jails. Ahmed Mansoor is a human rights activist and has a history with the U.A.E. government.

Once Mansoor forwarded those messages to Citizen Lab, its researchers identified three separate zero-day exploits in iOS 9. Here’s how these exploits work, according to the Citizen Lab report:

  • The URL sent by SMS opens a webpage, which loads JavaScript and then retrieves remote binary files (available for both 32-bit and 64-bit versions of iOS). An exploit in the WebKit rendering component of iOS allows these binaries to execute within Safari.
  • The executed binary uses an exploit that allows it to bypass a protection Apple uses within the operating system—Kernel Address Space Layout Randomization (or KASLR)—which should prevent malicious software from identifying where the core of the operating system is found running in memory.
  • With the knowledge of where in memory the kernel can be found, a third exploit triggers, which corrupts memory in the kernel to disable iOS from blocking software from running that hasn’t been signed by Apple. This effectively jailbreaks the phone.

After releasing the iOS 9.3.5 update, Apple advised all its users to update their devices immediately because of the disclosure of the security flaw.

How to update iOS 9.3.4

It’s a pretty simple process to update your iPhone. Here are the steps:

  1. Press the home button and select the Settings application.
  2. Once the app is launched, tap General.
  3. Now select the Software Update option.

Apple users can also update their iPhone through iTunes by connecting it to their Mac.
