Are you someone who usually ignores your iPhone when it tells you it has a software update?

You might want to reconsider when it comes to iOS 9.3.5.

That patch was released today to fix three exploitable security flaws which make it possible to remotely take over an iPhone.

Apple was alerted to the problem by experts at the University of Toronto's Citizen Lab, who uncovered the flaws — which they dubbed the "Trident" exploit chain — in collaboration with security company Lookout.

This is how they found out about them.

Earlier this month, a prominent human rights activist from the United Arab Emirates, Ahmed Mansoor, was sent a text message with a link purporting to contain secret information about detainees tortured in UAE jails.

Had he clicked the link, this is what Citizen Lab says would have happened:

Once infected, Mansoor's phone would have become a digital spy in his pocket, capable of employing his iPhone's camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements.

Citizen Lab says the spyware also could have collected:

Data from his Gmail and Facebook accounts

Calendar data and contact lists

Passwords, including those used for wi-fi networks

Luckily, instead of clicking the link, Mr Mansoor sent the text message to Citizen Lab for them to analyse — you can read their full findings on their website.

Apple was told about the problems and today released the iOS 9.3.5 patch in response, to block the potential for exploitation.

These are the instructions from Apple on how to make sure your device gets updated.

Who was behind the attack?

Citizen Lab sees the UAE Government as the likely culprit for this hacking attempt, given the high cost of the technology involved (similar technology has been acquired for $US1 million) and the fact that Mr Mansoor has been targeted by his government in the past.

However, Citizen Lab says the attacker was using spyware with connections to Israeli and US businesses:

We recognised the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based "cyber war" company that sells Pegasus, a Government-exclusive "lawful intercept" spyware product. NSO Group is reportedly owned by an American venture capital firm, Francisco Partners Management.

The NSO said in a statement that its products are only made available for lawful purposes — that is, to prevent and investigate crimes.

Meanwhile, despite the fact that Citizen Lab uncovered this vulnerability, they still had these reassuring words for iPhone users:

The iPhone has a well-deserved reputation for security. As the iPhone platform is tightly controlled by Apple, technically sophisticated exploits are often required to enable the remote installation and operation of iPhone monitoring tools. These exploits are rare and expensive.

Are there other security flaws that we just don't know about?

Almost definitely, says Dr Mark Gregory, an internet security expert from RMIT:

It's not like this is a one off. This is happening all too often. ... We know now from the WikiLeaks papers that the NSA was exploiting security weaknesses in devices for years, and they never told the device manufacturers or the operating system manufacturers about the problems. If the NSA are exploiting these weaknesses, we should be expecting every criminal around the block to be doing the same.

Dr Gregory says Apple "absolutely" could have avoided the security flaws that were revealed today had it taken the necessary precautions in the first place.

He says he can't understand why governments aren't requiring manufacturers to go through more robust and diligent testing before they release updates:

Companies like Apple are using users and research labs as beta testers after the software has been released. ... It's almost anticipated now that you'll get the update, and then a month or so later, you'll get the patches that'll start coming out for the various flaws that are found.

This is what Dr Gregory had to say about the idea that Apple is more secure than Android: