• Home
  • Apple
  • iOS
  • News
  • Apple Posts Details of iOS 9.3.5 Security Fixes as More Information About Security Holes Surface

Apple Posts Details of iOS 9.3.5 Security Fixes as More Information About Security Holes Surface

Apple Posts Details of iOS 9.3.5 Security Fixes as More Information About Security Holes Surface

Apple released iOS 9.3.5 on Thursday, and update designed to plug three serious security holes, which could give bad guys access to a user’s data, and even allow a device to be remotely jailbroken.

Apple Posts Details of iOS 9.3.5 Security Fixes as More Information About Security Holes Surfaces

Apple has posted information about the content of the update, and what it fixes.

iOS 9.3.5

Released August 25, 2016

Kernel

Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later

Impact: An application may be able to disclose kernel memory

Description: A validation issue was addressed through improved input sanitization.

CVE-2016-4655: Citizen Lab and Lookout 

Kernel

Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed through improved memory handling.

CVE-2016-4656: Citizen Lab and Lookout

WebKit

Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later

Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

Description: A memory corruption issue was addressed through improved memory handling.

CVE-2016-4657: Citizen Lab and Lookout

A targeted attack on the device of Ahmed Mansoor, a 46-year-old human rights activist from the United Arab Emirates, came in the form of a text message that included a link. Mansoor was suspicious of the source, and didn’t click the link, instead forwarding it to Bill Marczak, a researcher at Citizen Lab, a digital rights watchdog at the University of Toronto’s Munk School of Global Affairs.

It turns out the link was malicious, and if clicked, would have launched a three-pronged attack on Mansoor’s device accessing the data on the iPhone. Citizen Lab and Lookout informed Apple of the vulnerabilities on August 15.

“It basically steals all the information on your phone, it intercepts every call, it intercepts every text message, it steals all the emails, the contacts, the FaceTime calls,” said mobile security company Lookout’s Vice President of Research Mike Murray. “It steals all the information in the Gmail app, all the Facebook messages, all the Facebook information, your Facebook contacts, everything from Skype, WhatsApp, Viber, WeChat, Telegram—you name it.”

Three zero-day vulnerabilities were discovered in the attack, and today’s iOS update plugged the holes used by the attacks. In addition to stealing data, the malware sends constantly updated GPS information to the bad guys, loads the iOS Keychain and grabs the victim’s data, including credentials for wi-fi networks, router passwords, and can intercept phone calls and WhatsApp calls and messages, plus it can remotely record audio and video.

(Some information via AppleInsider)

Related

  1. iPhone X Wallpapers for Download
  2. Apple is Testing Maps Push Notifications – Informs Users of Fixes
  3. Records for Mac Gets an Update – New Table View, 30 Templates, More
  4. Apple Releases First Developer Preview of iBooks for Mac
  5. Apple Announces “Find My Friends” Feature In iOS 5
  6. iPhone Q4 Marketshare Slips, Samsung Falters in The Face of Pressure From Android Competitors
Apple Giveaways

iPhone X Giveaway

$999

Enter

MacBook Pro Giveaway

$1499.00

Enter

10.5″ iPad Pro Giveaway

$649.00

Enter

iPhone 8 Plus Giveaway

$800.00

Enter
Share