Another Day, Another Zero-Day Exploit

August is a slow news month, especially for technology, so the press jumped all over the serious security problems (and their fix) announced by Apple this week.

The problems are serious; by clicking a single link, your entire iPhone can be remotely “jailbroken”, potentially allowing someone else access to the entire phone (all contents, location, camera, and microphone). The particular incident involved two things:

  1. Trident, a series of exploits that makes a device accessible (including "zero-day", or previously unknown, vulnerabilities), and
  2. Pegasus, a commercial spyware package from NSO Group that is sold exclusively to government agencies. 

(If you want more details, read the Executive Summary and Conclusion of The Million Dollar Dissident from Citizen Lab, the Canadian research laboratory that researched this event.)

What Should You Do? Update Immediately.

Apple announced an update to iOS that closes the door on Trident. So to protect yourself, update all of your iPhones and iPads to iOS 9.3.5 as soon as possible.

(Not sure what version you are running? On you device, go to Settings > General > About > Version.)

Before you update, make sure you have a current backup either on your computer via iTunes or in iCloud Backup.


Corrected 2016-08-28: Apple’s patch addresses the Trident vulnerability, not Pegasus.