The attack utilizes a mobile spyware product, ‘Pegasus,’ created by NSO Group — an Israeli cyber warfare company — designed to attack high-value targets. Using one of three known iOS 9.3.4 security vulnerabilities — dubbed ‘Trident’ — the exploit is capable of hijacking an iPhone or iPad with a single click.
Unfortunately, the vulnerabilities are more than a month old at this point, so it’s unclear how widespread the damage is. Security researchers at Citizen Lab and Lookout worked directly with Apple to identify the vulnerabilities and push an emergency patch to close them.
Today, Apple released an iOS update containing the patch, iOS 9.3.5.
iOS 9.3.5 follows another security patch, 9.3.4, released three weeks ago, which was thought to be the final iOS 9 update before the release of iOS 10 next month. The newly discovered vulnerability led to a change of plans and a new iOS version. The update is available now for all iOS devices.
If you’re currently running iOS 9.3.4 (or older), it’s imperative to update your device immediately.