Apple releases iOS 9.3.5 to fix 3 zero-day vulnerabilities [Updated]
Just a few weeks after posting iOS 9.3.4 to fix a jailbreaking-related bug, Apple has released iOS 9.3.5 to all supported iPhones and iPads. The update provides an “important security update” and comes just a few weeks before the expected release of iOS 10, which is currently pretty far along in the developer/public beta process.
Update: Apple also tells us that these bugs were fixed in the latest versions of the iOS 10 public and developer betas, which were released last week.
Apple’s security release notes say that three bugs have been fixed, two in the iOS kernel and one in WebKit. The bugs were discovered by Citizen Lab and Lookout, which said they were actively exploited to hijack the iPhone of a political dissident. Lookout collectively calls the three zero-day vulnerabilities “Trident,” and says that they could allow an victim’s personal data to be accessed after opening a link sent in a text message. Trident infects a user’s phone “invisibly and silently, such that victims do not know they’ve been compromised.” We’ll have more information about the vulnerability in a forthcoming article.