Dear IPhone User: You might have been hacked!

in #security8 years ago (edited)

Apple has released an important security update to address three 0-day vulnerabilities. Users are advised to update IPhones, IPads and IPods Touch to iOS 9.3.5. Do it or not?

iphone

While Apple briefly describes the content of the update, the full report is available.

The discussed attack is called Trident and allows an attacker to steal various data like: messages, calls, emails, logs, etc. The spyware was discovered in the wild earlier this month, analyzed by Citizen Lab, and quickly addressed by Apple.

Despite iOS 10 on the horizon, 9.3.5 is the next security update seen by users recently. Previous, 9.3.4, appeared due to the revelations of jailbreakers, called PanguTeam. The strong focus on iOS vulnerabilities is a result of the bug bounty program started last year. The rewards offered by Apple (and competitors!) made the initiative attractive to researchers, hackers and various IT companies around the world.

Is 9.3.5 a must have?

It depends:

  • It is very unlikely to see Trident used on a massive scale (targeting ordinary people) within days. However, it is always a risk.
  • Users who missed previous updates may see more benefits in terms of performance and fixes for miscellaneous problems observed in iOS 9.
  • On the other hand, some users are already complaining about new issues. You may want to wait several days and get some feedback first.
  • Don't update on the run, if you highly rely on your device. Some of your apps may stop working and data get corrupted.
  • Don't update if you jailbreaked your iOS on purpose. You will lose it.
Sort:  

I read something about it being mostly to prevent jailbreaking in this update .. I'll wait let me know how it works for you !

The malware actually silently jailbreaks your phone; in order to stop it, the iOS 9.3.5 update fixes the bugs that enables jailbreaks to happen.

Don't update on the run, if you highly rely on your device. Some of your apps may stop working and data get corrupted.

It's highly unlikely that any apps are going to stop working or that data is going to get corrupted unless you have something weird going on in the first place. The vast majority of users won't have a problem.

Don't update if you jailbreaked your iOS on purpose. You will lose it.

Is jailbreaking still a thing? I guess in some communities it is. I used to run into teenagers a few years ago with jailbroken iPhones because they could but not recently.

First of all, let me tell you that I would update my phone. To me 0 day fix is a must. But, that just me. On the other hand this exploit was used against human rights activist (I guess, you know the story) and generally it may depend on the profile of the potential victim and one's knowledge to make this decision.

  • You are right: The vast majority. Nevertheless, it is always advised to make a backup of important data. I am not against update, I just wrote "Don't update on the run, if you highly rely on your device". It may wait a couple of hours or even days as it is unlikely that your device is infected.
    Also, you cannot be sure from which version a user will make the update and how it affects the current state of his/her device. If you have an access to the computer and can fix eventual problems on your own, go for it. However, there is no reason to panic.
  • In terms of jailbreaking iPhones, let me keep it this way: it is your phone, it is legal and you may want to use it without any restrictions. I would not limit it to 'teenagers'. People still do it. Personally, I don't, because (despite all problems) I use Android ;)
    BTW now I can see your post with a link about this topic. I missed it before, unfortunately.

bug bounty program started last year

bug bounty program started this year
Sorry. Writing too fast, I should have reread it before posting.

Did your iphone get hacked? or your passcodes infiltrated? You can get in touch with Benjamin Stover on [geniushack08 ? gmail . com], I strongly recommend his services, perhaps his skills would speak more for him. Try him out, he can help!