PSA: If you own an Apple device, you may have noticed an unscheduled update notification today. You may want to make these updates as soon as possible. These patches are for iOS, watchOS, and macOS, and fix a major security flaw that has been used since February to install Pegasus spyware on devices without user interaction.
On Monday, Apple canceled emergency updates for iOS, watchOS, and macOS. Security patches were released in response to widespread abuse that allowed operating systems to be infected without user interaction with spyware. Last Tuesday for Apple. The group discovered a vulnerability (CVE-2021-30860) while analyzing the iPhone of a Saudi activist.
Zero-click abuse exploits iMessages vulnerabilities that reference Apple's photo display library and can infect your device. Without user intervention, the researchers found that this vulnerability is inherent in Apple's three operating systems - iOS, watchOS, and macOS. Citizen Lab says it believes the process has been in use since February, but does not know how many devices could be infected with spyware.
Pegasus is a very malicious program that can do everything from turn on the camera and microphone to access device settings. "This spyware can do everything an iPhone user can do on their device," said John Scott Relton, a senior fellow at Citizen Lab. The New York Times Magazine. Another researcher, Bill Marshak, added, "The commercial spyware industry is going black." However, the software has been used on the devices of non-criminals, including diplomats, activists, and journalists. In addition, the German government police agency came under fire last week for purchasing and secretly using the Pegasus to spy on terrorists and members of organized crime.
Apple engineers have been working on the issue since it was reported last Tuesday. Today, Scott Relton released one that asks owners of any Apple device to update the operating system as soon as possible.
If you are interested in the full details of this vulnerability, Citizen Lab has published an article on their website. Apple also mentions patched notes on its support pages.
Image Credit: Amir Cohen/Reuters p>
Apple releases emergency updates to fix the bug that allows highly aggressive spyware to infect its products without any infection