Apple has today released iOS 9.3.5 to the public, bringing fixes for three zero-day security exploits used to hack into targeted users' iPhones.
According to Mac Rumors, iOS 9.3.5 patches three zero-day vulnerabilities which were actively being exploited by surveillance software:
In an overview of the exploits, security firm Lookout says NSO Group's spyware software, nicknamed "Pegasus," was highly sophisticated, installing itself through a link sent via a text message.
The exploit was initially discovered on August 11 after human rights defender Ahmed Mansoor received a suspicious link and sent it to Citizen Lab and Lookout. Had Mansoor clicked the link, it would have jailbroken his iPhone and installed "sophisticated malware" able to intercept phone calls, text messages, FaceTime calls, email, and more.
Pegasus is the most advanced attack Lookout has seen because it is customizable, can track a range of things, and uses strong encryption to avoid detection. Lookout believes "Pegasus" had been in the wild for quite some time before it was discovered, with some evidence dating back to iOS 7.
As iOS 9.3.5 appears to be a security update to fix three very specific issues, it is unlikely that there will be any accessibility changes in this release. However, if you do spot any changes, please let us know in the comments.
iOS 9.3.5 is available via Over-the-Air Update (Settings> General> Software Update) or via iTunes.