More than 86 percent of Apple iPhones in the world are apparently still vulnerable to a security flaw that allows a hacker to completely take over the device with just a text message, according to data from mobile and web analytics firm MixPanel.
A surprising number of people have not yet updated the iPhone’s mobile operating system - despite an urgent warning to do so coming from Apple last week - in light of a major security problem the company was forced to correct in iOS 9.3.5.
According to MixPanel's report, which relies on partners sharing the version of iOS people are using to download their apps, only about 11percent of users have updated to the latest version of iOS, while about 2 percent of people are on the beta version of iOS 10, which is also protected from the security issue.
That means more than 86 percent of iOS users are still vulnerable to a malicious tool called “Pegasus,” an impossible-to-detect software that can hack an iPhone using nothing more than a text message.
Apple's developer website, which was last updated on August 15, said 13 percent of users were using a version of iOS 8 or earlier. The website does not break out individual builds, so it's unclear what version of iOS 9 the other 87 percent reported are using. A spokesperson for the company declined to offer more specifics.
Anything below the latest version, 9.3.5, is vulnerable to this kind of attack.
Researchers Bill Marczak and John Scott-Railton of Citizen Lab worked with Lookout Security to discover and document the flaw, which was disclosed last Wednesday. It allows an attacker to install sophisticated spying tools that can activate a person's camera and microphone, track their movements, and log all messages.
They called it a “Trident,” since it used three “zero-day” vulnerabilities, bugs that were unfixed and unknown to Apple, which then had to scramble to fix the issue. The researchers disclosed the problem to Apple before publishing their findings, and the company issued an urgent update to iOS.
People who install Apple's new iOS 9.3.5 version will no longer be vulnerable to this issue, and the company is urging all its users to immediately update.