Update your iDevices immediately, warns columnist Bob LeVitus.
I don’t usually write about Apple’s minor operating system updates because they’re generally boring and of little interest to either of us.
But, if you’re using an iPhone, iPad or iPod touch, you need to update to version 9.3.5 without delay. I’ll tell you how in a moment, but first let me tell you why it’s vital to update your iDevices immediately.
Last week a mobile security company (Lookout) and the advanced research laboratory at the Munk School of Global Affairs, University of Toronto (Citizen Lab), released details of a sophisticated, targeted, and persistent mobile attack on iOS devices that can jailbreak an iOS device without the user’s knowledge and collect information from apps including Gmail, Facebook, Skype, WhatsApp, Calendar, FaceTime and more.
Apple released a fix, iOS 9.3.5, almost immediately after the details were made public. While it’s unlikely you are infected with the exploit, known as Trident, you need to update your iOS device to version 9.3.5 as soon as possible to prevent infection in the future. So tap Settings General Software Update, and if an update is available, install it.
Now that you’re safe and sound again, here’s what bugs me about this whole affair. Lookout (the mobile security company) claims Trident is installed via a commercial spyware product called Pegasus, and a Citizen Lab investigation indicates Pegasus was developed by a shadowy organization known as the NSO Group.
After several hours of internet surfing, all I can tell you for sure about NSO Group is that it has no website and an extremely generic LinkedIn profile, and it was virtually invisible on the internet until last week.
That’s scary. I knew there were so-called “zeroday exploits,” that could, at least in theory, compromise your iDevice’s integrity and security. But I never heard of one found “in the wild” before. I always thought such exploits were created by a small cadre of scammers or black-hat hackers with nothing better to do.
Finding out that there is a company out there that apparently sells spyware that breaches iOS security to foreign governments for millions of dollars … well, let’s just say that blew my mind.
I love a good conspiracy theory, and this one’s as good as any.
But I don’t have all the facts and don’t think I ever will. All I can tell you is that I am pretty sure the NSO Group is a real entity that sold spyware to more than one foreign government before it got caught. We’ll just have to wait to see how things shake out.
In the meantime, I urge you to update all of your iOS devices immediately and hope this is the last time I have to write a column like this.