In our 21st century world, it’s become an eternal question: Should you update your iPhone to the newest iOS?
But in this case, the answer is simple: Yes. Like, right away.
Apple released iOS 9.3.5 on Thursday, and unlike the last update — which appeared to mainly be aimed at reeling back in users who had jailbroken their devices — this software patch fixes critical security flaws. Researchers recently discovered three holes in the system that allowed the NSO Group, a cyber spy firm in Israel, to access people’s phones, the New York Times reported. Without the update, the group could take your passwords, see your text messages and track your location.
The spyware in question is called Pegasus, according to security company Lookout and watchdog Citizen Lab, which put out reports Thursday about the hack. And it’s dangerous.
“Pegasus is professionally developed and highly advanced in its use of zero-day vulnerabilities, code obfuscation and encryption,” they wrote. “It uses sophisticated function hooking to subvert OS- and application-layer security in voice/audio calls and apps including Gmail, Facebook, WhatsApp, Facetime, Viber, WeChat, Telegram, Apple’s built-in messaging and email apps, and others. It steals the victim’s contact list and GPS location, as well as personal, Wi-Fi and router passwords stored on the device.”
All of this “happens invisibly and silently” so users aren’t aware they’re being hacked, according to Lookout and Citizen Lab.
Apple told the Associated Press it took care of the security gaps as soon as it found out about the issues. “We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits,” spokesman Fred Sainz told the Times.
The 9.3.5 update applies to iPhones, iPads and iPod Touches, according to ArsTechnica. In order to update your device, go to Settings > General > Software Update.