Users of the iPhone, iPad, Apple Watch, and Mac are ‘highly vulnerable’ to invasive spyware, according to Apple, which has issued an emergency update.
Following the revelation of a zero-click, zero-day iMessage exploit thought to be utilized by NSO Group’s thorny Pegasus spyware, Cupertino tech giant Apple has issued an emergency security upgrade.
Apple issued an emergency security update on Monday to address a security weakness that allows the NSO Group’s terrible Pegasus spyware to infect Apple devices. This covers the iPhone, iPad, Mac, and Apple Watch, among other devices.
iOS 14.4.2, iPadOS 14.4.2, and watchOS 7.3.3 are the fixes. Unfortunately, this flaw could allow hackers to infect devices even if the user doesn’t do anything.
Apple’s WebKit browser engine is affected by the zero-day exploit discovered by security researchers at the University of Toronto’s Citizen Lab. Because the security vulnerability is being actively exploited, this update is critically important.
The tech giant also released the iOS 12.5.2 fix for older devices to emphasize the gravity of the security problem. This is compatible with the iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod Touch 6th generation.
Apple did not provide any additional information, but this type of vulnerability might be used to carry out harmful operations such as redirecting consumers to phishing websites.
“Attacks like the ones described are highly complex, cost millions of dollars to build, have a short shelf life, and are used to target specific individuals,” said Ivan Krstić, Apple’s head of security engineering and architecture.
Pegasus spyware infected devices without the victim’s knowledge using an innovative method. It’s known as the “zero-click remote exploit” and is regarded as the Holy Grail of surveillance by security researchers.
It enables malicious attackers to get unauthorized access to a user’s device and use the camera or microphone to spy on them. It may also secretly record conversations, phone calls, texts, emails, and even encrypted messages without alerting the victim.
Mercenaries, thieves, and even governments are thought to utilize Pegasus malware to eavesdrop on their targets. “This spyware can do everything an iPhone user can do on their smartphone and more,” Citizen Lab senior researcher John Scott-Railton explained.