Apple Intelligence now features Image Playground, Genmoji, Writing Tools enhancements, seamless support for ChatGPT, and visual intelligence.

Apple Intelligence has also begun language expansion with localized English support for Australia, Canada, Ireland, New Zealand, South Africa, and the U.K. Learn more >

You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

📰 Newsroom Update

Voice Memos update brings Layered Recordings to iPhone 16 Pro and iPhone 16 Pro Max. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

iOS Pegasus Hack?

The recently revealed Pegasus iOS hack that uses a text message with malformed link to exploit WebKit vulnerability has been fixed in iOS 9.3.5. However, for those who are infected there is no known way to clean the device. Since the hack jailbreaks the device to make kernel mods I am assuming the tell tale sign is apple updates no longer work. Can anyone confirm?

iPhone 6, iOS 9.3.5

Posted on Sep 13, 2016 6:25 AM

Reply
Question marked as Top-ranking reply

Posted on Sep 13, 2016 6:32 AM

IiPhone update iOS 9.3.5

9 replies

Sep 13, 2016 6:35 AM in response to EarthBased

Everything I've read states 9.3.5 patches against further attacks but nothing I read stated any remedies for system that was jailbroken by this hack.



For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.*

About the security content of iOS 9.3.5 - Apple Support

Sep 13, 2016 6:50 AM in response to EarthBased

According to Lookout (one of the labs that identified the zero day exploits used by Trident and Pegasus) they have an app that can detect an existing infection. I've never run any A/V software on an iOS device, but you may wish to look into it if interested.


https://blog.lookout.com/blog/2016/08/25/trident-pegasus/


http://www.imore.com/apple-has-patched-pegasus-malware-heres-what-you-need-know

Sep 13, 2016 9:00 AM in response to iOS 9.3.3

iOS 9.3.3 wrote:


IiPhone update iOS 9.3.5

User uploaded file


Everywhere I look, everyone is saying iOS 9.3.5 will remove Pegasus infection but Lookout security says otherwise:

https://blog.lookout.com/blog/2016/09/02/pegasus-trident-ios-update/

I'm not sure who to trust. If this is a Windows computer, the foolproof solution is to format and reinstall the OS. We can't do that to a smartphone.

Sep 13, 2016 9:13 AM in response to ShagCA

If someone suspects they may have been infected, restoring the device as new in iTunes and setting it up from scratch is the equivalent of a computer reformat and re-install from clean media. Of course, that means abondoning all data on the device or using any backups to restore from.


Quite honestly, I do believe what Lookout reports as their group was one of the original teams to first identify and analyze the exploits and malicious software. They reportedly then did work with Apple to plug the exploits with iOS 9.3.5.

Sep 13, 2016 9:42 AM in response to ShagCA

Because Lookout is an enterprise security systems company and so warns enterprise companies not to wipe as it means they cannot conduct forensic analyses of their enterprise infection, and may loose valuable company data - https://blog.lookout.com/blog/2016/09/02/pegasus-trident-cio-ciso-what-to-do/


For an individual who understands they are inherently going to loose all their data, then a restore as new device in iTunes will erase all content and re-install the latest iOS. Then, as long as they avoid backups, the infection will be gone.


As i said, a restore as new device in iTunes is the iOS equivalent of a re-format and re-install from trusted media on a Windows or OS X computer.


Other media security sites and Apple tech news sites have already reported that's the best you can do if you think you are actually infected. Lookout will sell you their software and work with you if you wish to trace any infection beyond a single device (or you can use their App to check your device for infection after updating to iOS 9.3.5).


P.S. The Lookout Pegasus detection app is free to use for that single purpose. Note that it may give some false positives on some devices, as the app was not purpose built just to detect Pegasus.

Sep 13, 2016 9:48 AM in response to Michael Black

I'm not convinced factory reset (restore as new) equals format/reinstall unless you really know how iOS factory reset really works internally. As far as I know Apple does not disclose that information. I suppose one can try Lookout app to scan before and after factory resetting the device to see if Pegasus malware is no longer there.

iOS Pegasus Hack?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.