Apple released iOS 9.3.5 on Thursday to address a big zero-day security flaw that could expose iPhone and iPad user’s personal data. The threat could be used to exploit information from email, contacts, text messages, phone calls, and more—and it looks like NSO Group has been doing just that so governments can spy on journalists and people they classify as dissidents.
It took Apple ten days to patch the flaw after researchers from Citizen Lab at University of Toronto’s Munk School of Global Affairs, and the mobile security company Lookout shared their findings with the company. The researchers uncovered the flaw after a human rights activist from the United Arab Emirates, Ahmed Mansoor, suspected he was the target of government eavesdropping, according to the New York Times.
NSO Group’s software took advantage of the iPhone and iPad security flaw to harvest personal information, listen to conversations through the device’s built-in microphone, and log locations via GPS.
This is a real zero-day exploit some governments are using, thanks to NSO Group’s software, to spy on political targets, journalists, and possibly other people, too. It’s a free update Apple is advising all iOS 9 users to install.
You can find the iOS 9.3.5 update by going to Settings > General > Software Update.