It’s time to stop automatically hitting “install later” and immediately update your iPhone software. No, really.
Apple has issued an emergency software update after discovering a flaw in the system that allowed spyware to infect Apple products with a “zero click” exploit, meaning products could be vulnerable without users even having to click something.
The malware has been linked to Israel’s NSO Group. It can infect any Apple product, including iPhones, iPads, Apple Watches or Mac computers.
This marks the first time that a “no click” exploit has been detected and analyzed. Typically, the “hacked” must have clicked on something, allowing the hacker access to the device. The “zero click remote exploit” allows hackers to secretly break into anyone’s device without ever alerting the user.
Researchers from Citizen Lab, a cybersecurity watchdog organization at the University of Toronto, discovered the malware, called Pegasus. They have said there is high confidence that the malware belongs to Israeli surveillance firm NSO Group. Pegasus has access to the devices’ cameras, microphones, messages, calls, emails, voice notes, texts, encrypted messages – everything. Information retrieved from the device can be sent off to governments or any client worldwide.
While the attacks tend to be incredibly targeted and specific, the incident is obviously alarming to the average individual.
Earlier this summer, NSO Group’s spyware had been used in order to target journalists, dissidents and activists. The group has said that its spyware is only used against serious criminals or against terrorists, but a leaked list of more than 50,000 phone numbers shows it must be a broader target than the group has let on.
While the hack continues to be investigated, Apple is urging all customers to update the software on their devices. The new updates – iOS 14.8, MacOS 11.6 and WatchOS7.6.2 – include fixes for the software to protect against this spyware.