Apple recently issued an emergency patch for its devices, including Macs, iPhones, iPads and Apple Watches. A zero-day exploit was discovered on iMessage that lets malicious actors harvest all data (texts, emails, calls, photos, personal information) in a device through Pegasus spyware.
Apple Discovers iPhone Spyware in iMessage Function
According to Gizmodo, security researchers from the University of Toronto's Citizen Lab discovered the exploit last Monday. The zero-day exploit, a security vulnerability that might have existed for a while now, was first identified in a Pegasus-infected smartphone that belonged to a Saudi activist.
For reference, the Pegasus spyware is a dangerous malware discovered earlier this year. The spyware had capabilities to harvest all data in a device, transmit the data remotely to the attacker, monitor the phone owner's movements, track their location in real-time, and even accurately pinpoint their traveling speed if the owner travels by car.
The same danger was recently linked to all Apple devices.
The security vulnerability, officially known as CVE-2021-30860, was found on iMessage functions. To exploit this, attackers simply need to send an "invisible, malware-laden iMessage." Users won't even need to open the message. The malware message will automatically infect the device with zero-click attacks.
Worse yet is the fact that users of the infected device might not notice anything suspicious. Attackers behind the Pegasus malware could do "anything" on the device once its infected, like opening texts or emails, track call histories, and even switching on-device camera without user permission.
According to the Citizen Lab researcher Jhon Scott-Railton, even communications in encrypted apps like Signal or Telegram could be harvested through Pegasus malware.
With this attack's severity, Apple immediately issued a security alert and released a patch fix for all Apple devices.
Apple Emergency Patch: How to Download iPhone Spyware Security Fix
The Apple security fix and updates released are listed on Apple's official webpage. Listed below are the latest software version for Apple devices. Note that downloaded software updates cannot be downgraded to the previous version. All security updates were released on Monday.
- macOS Catalina and macOS Mojave: Safari 14.1.2
- macOS Catalina: Security Update 2021-005 Catalina
- iPhone 6s and later smartphones: iOS 14.8
- iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation): iPad OS 14.8
- Apple Watch Series 3 and later: watch OS 7.6.2
The Apple security updates should automatically be installed for devices that enabled "Automatic Updates." However, users are recommended to double-check.
To check on the software version, head to "Settings," "General," and open "About." The "Software Version" should be similar to the ones listed above.
If the software does not match, users are recommended to download the update manually. Users should plug in their devices during updates to avoid power interruption. Users can manually update by going to "Settings," "General," and "Software Update." If a software update is listed, tap "Install Now." Users might be required to either their Passcode for validation.
Related Article: Apple iOS 15 Release Date, Features: 4 Special Upgrades You Should Watch Out For