Apple has released a series of updates over the last month related to unprecedented vulnerabilities in iOS 9. The vulnerabilities were discovered by security firm Citizen Lab, assisted by Lookout Security.
You can check your iOS version at Settings > General > About > Version. If it is anything less than 9.3.5, you’ll need to install the update via Settings > General > Software Updates. Make sure you’re connected to Wi-Fi, as this update is over the size limit that Apple allows over cellular, and allow at least 30 minutes, although my devices updated in about 15.
This update patches three potential exploits, creatively dubbed “the Trident”:
- CVE-2016-4657: An exploit for WebKit, which allows execution of the initial shellcode
- CVE-2016-4655: A Kernel Address Space Layout Randomization (KASLR) bypass exploit to find the base address of the kernel
- CVE-2016-4656: 32- and 64-bit iOS kernel exploits that allow execution of code in the kernel, used to jailbreak the phone and allow software installation
You should make time to install this patch immediately if you’d prefer to keep your phone secure from lord knows who, and especially if you’re a political dissident.