A few hours before Apple unveils its newest devices, the company has rolled out an emergency patch for its devices like the iPhone, iPad, Macs, and Apple Watches. It fixes a security flaw that allowed Israel’s NSO Group’s Pegasus spyware to infect targeted Apple devices.
It was spotted by security researchers from the University of Toronto’s The Citizen Lab after analyzing the iPhone of a Saudi activist that had the spyware on it. It could provide the hackers with access to your camera, microphone, text messages, calls, and emails.
According to Citizen Lab, it looks like NSO found a so-called “zero-click” vulnerability in iMessage to get Pegasus onto the device. These kinds of exploits don’t need any input on the user’s part. To break into the activist’s iPhone, all they needed to do was send over an invisible, malware-laden iMessage without their knowledge.
The details about the exploit were sent to Apple on September 7, and it took the company a week to fix it.
As Gizmodo noted, you might not be the target for the hackers-for-hire, but it’s better not to leave your Apple devices vulnerable to any exploit.
These are the updates you need to watch to get the fix: iOS 14.8, iPadOS 14.8, watchOS 7.6.2, macOS Big Sur 11.6, and security update 2021-005 for macOS Catalina. Compatible iOS and iPad devices include iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).