The message is the message: Apple just sent an emergency patch to all devices after discovering a vulnerability that allowed NSO Group’s malicious Pegasus spyware to infect Apple devices, so the company’s official support site.
This hidden exploit in iMessage could affect iPhones, iPads, Apple Watches, and Mac computers. So, you need to stop what you are doing and update your Apple device right away.
Citizen Lab discovered the Apple exploit on a Saudi activist’s phone
Statistically, you are probably not the one the hackers want to take advantage of. But that’s not an excuse to pester yourself (and your device) with a major vulnerability. Fortunately, the solution is simple. First, check to see if your device is running iOS 14.8, iPad OS 14.8, macOS Big Sur 11.6, watchOS 7.6.2, or the 2021-005 security update for macOS Catalina, depending on which devices you have. Apple says iPad OS or iOS devices compatible for the update include iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). ” If you’re wondering where this is coming from, the answer lies in Canada.
University of Toronto researchers Citizen Lab shared an urgent report Explain the exploit earlier Monday. Apple has named the update CVE-2021-30860 and names Citizen Lab as the instance that discovered the critical exploit. Citizen Lab researchers reported that they uncovered the flaw while investigating a phone infected with Pegasus that belonged to a Saudi activist. During the investigation, they discovered that the NSO Group had likely exploited a so-called “zero-click” vulnerability in iMessage that opened the door for Pegasus to upload onto your device. Typically, low-level malware doesn’t require user input, meaning that NSO just had to break into your iPhone to send a hidden, malware-filled iMessage with no notification, the researchers explained in their report.
Encrypted apps are not protected from the new Apple exploit
Earlier Citizen Lab reports also have detected zero-click attacks from NSO to other devices, and often devices infected with the exploit notice “nothing suspicious,” which means that it is up to the researchers, Apple, and each user to get the word out whenever it comes across them. Worryingly, once infected, a hacker who has exploited your phone can “do anything an iPhone user can do on their device and more”. a New York Times report. This means that you can track calls, sent emails or SMS, and even activate your device’s camera without it being turned on. And if you take consolation encrypted apps like Telegram or signal, these are fully accessible through your device, i New York Times.
As with previous similar exploits, this time around, Apple’s hardware team acted quickly to fix zero-click vulnerabilities. In February of this year, the company secretly changed the code behind iOS to greatly increase the difficulty NSO would have the next time it attempted such a large-scale but subtle attack.
TThis story was groundbreaking and was regularly updated as new information became available.