iOS 9.3.5 has been released, which includes fixes for three critical security flaws in iPhones, iPads, and iPods. CAIT strongly recommends updating all devices as expediently as possible.
Apple's security release notes say that three bugs have been fixed, two in the iOS kernel and one in WebKit. The bugs were discovered by Citizen Lab and Lookout, which said they were actively exploited to hijack the iPhone of a political dissident. Lookout collectively calls the three zero-day vulnerabilities "Trident," and says that they could allow an victim's personal data to be accessed after opening a link sent in a text message. Trident infects a user's phone "invisibly and silently, such that victims do not know they’ve been compromised." We'll have more information about the vulnerability in a forthcoming article.
The update is available now for everything that runs iOS 9: the iPhone 4S and newer; iPad 2 and newer; all iPad Minis and iPad Pros; and the fifth- and sixth-generation iPod Touches.