• Home
  • Apple
  • iOS
  • News
  • Apple Posts Details of iOS 9.3.5 Security Fixes as More Information About Security Holes Surface

Apple Posts Details of iOS 9.3.5 Security Fixes as More Information About Security Holes Surface

Apple Posts Details of iOS 9.3.5 Security Fixes as More Information About Security Holes Surface

Apple released iOS 9.3.5 on Thursday, and update designed to plug three serious security holes, which could give bad guys access to a user’s data, and even allow a device to be remotely jailbroken.

Apple Posts Details of iOS 9.3.5 Security Fixes as More Information About Security Holes Surfaces

Apple has posted information about the content of the update, and what it fixes.

iOS 9.3.5

Released August 25, 2016

Kernel

Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later

Impact: An application may be able to disclose kernel memory

Description: A validation issue was addressed through improved input sanitization.

CVE-2016-4655: Citizen Lab and Lookout 

Kernel

Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed through improved memory handling.

CVE-2016-4656: Citizen Lab and Lookout

WebKit

Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later

Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

Description: A memory corruption issue was addressed through improved memory handling.

CVE-2016-4657: Citizen Lab and Lookout

A targeted attack on the device of Ahmed Mansoor, a 46-year-old human rights activist from the United Arab Emirates, came in the form of a text message that included a link. Mansoor was suspicious of the source, and didn’t click the link, instead forwarding it to Bill Marczak, a researcher at Citizen Lab, a digital rights watchdog at the University of Toronto’s Munk School of Global Affairs.

It turns out the link was malicious, and if clicked, would have launched a three-pronged attack on Mansoor’s device accessing the data on the iPhone. Citizen Lab and Lookout informed Apple of the vulnerabilities on August 15.

“It basically steals all the information on your phone, it intercepts every call, it intercepts every text message, it steals all the emails, the contacts, the FaceTime calls,” said mobile security company Lookout’s Vice President of Research Mike Murray. “It steals all the information in the Gmail app, all the Facebook messages, all the Facebook information, your Facebook contacts, everything from Skype, WhatsApp, Viber, WeChat, Telegram—you name it.”

Three zero-day vulnerabilities were discovered in the attack, and today’s iOS update plugged the holes used by the attacks. In addition to stealing data, the malware sends constantly updated GPS information to the bad guys, loads the iOS Keychain and grabs the victim’s data, including credentials for wi-fi networks, router passwords, and can intercept phone calls and WhatsApp calls and messages, plus it can remotely record audio and video.

(Some information via AppleInsider)

Related

  1. Flappy Bird Removed From App Store – But Why?
  2. WWDC 2013: New Camera App in iOS 7 – Filters, Collections, Moments, and Years
  3. Google Takes on Apple With New Chromebook Pixel – A $1299 ‘Retina’-Display Chrome OS Notebook
  4. Rovio Launches “Angry Birds Epic” for iOS – RPG Gameplay in the Angry Birds Universe
  5. Samsung to Stop Making LCD Panels for Apple in 2013
  6. Bajarin: Apple Just Re-Invented Books
Giveaways by iDrop News

iPhone X Giveaway

$999

Enter

MacBook Pro Giveaway

$1499.00

Enter

10.5″ iPad Pro Giveaway

$649.00

Enter

iPhone 8 Plus Giveaway

$800.00

Enter
Share