Apple just released iOS 9.3.5 to fix a few critical security vulnerabilities that have been used to compromise iPhones in the wild. You should definitely update your iOS to fix these flaws, but in my opinion you should just skip iOS 9.3.5 and get a head start playing with the imminent iOS 10.
Apple and security experts are urging iOS users to update to the newly released iOS 9.3.5 as soon as possible. Apple developed the update to address critical security flaws in iOS after exploits were used to compromise iPhones and spy on journalists and dissidents in the wild. Another alternative, however, is to go ahead and make the switch to the iOS 10 beta.
Critical Security Concerns
Apple’s release notes for iOS 9.3.5 describe the three vulnerabilities addressed by the update. The hack discovered in the wild relied on a combination of the three to remotely jailbreak the target iPhone and surreptitiously install spyware to record location data, view the camera, and listen through the microphone—including being able to eavesdrop on WhatsApp and Viber calls and text messages believed to be inherently more secure.
“The rushed announcement of the 9.3.5 patch update by Apple is not that surprising given that smartphones have become the target of hackers as they are now the credit card and personal assistant of everything,” proclaimed Mark Skilton, a security researcher and Professor of Practice in the Information Systems and Management Group at Warwick Business School.
Skilton explained, “There are three lessons to be learned from this attack: Increased complexity of mobile devices where individual system faults may be accepted but when combined become a cascade failure. Second, just having an encrypted app like WhatsApp does not protect your privacy if the operating system it runs on is violated. And thirdly, the need for crowdsourcing testing to keep checking and monitoring cyber threats is critical in today’s connected business.”
I think one of the primary lessons here is a lesson that Apple’s Mac OS X customers learned in recent years as well—better security does not mean “invulnerable”, and the perception of better security doesn’t actually prevent hacks and exploits. In other words, iOS is more secure by design than rival mobile operating systems—especially Android—but more secure doesn’t mean that it can’t be attacked.
You can read the full story on Forbes: You Can Fix Critical iOS Security Flaw By Jumping To iOS 10.