Apple pushed out an emergency software update today to patch a serious vulnerability in its software. Security researchers discovered a flaw that allows spyware from Israel’s NSO Group to inject malware into an iPhone, Apple Watch, or Mac without a single click. Apple has been working hard since last Tuesday when cybersecurity researchers at Citizen Lab found that an iPhone belonging to a Saudi activist was infected with spyware from NSO Group.
The spyware is known as Pegasus and it can infect an iPhone user’s device without the owner knowing. Once it infects an iPhone, Pegasus can take control of the camera and microphone and activate both. It also can record messages, texts, emails, and calls and send them to NSO’s clients at government’s around the world. Even encrypted messages sent via apps like Signal are unprotected when Pegasus has infected your phone.
Apple pushes out an emergency software update for the iPhone
One of the researchers who helped discover the spyware, John Scott-Railton, a senior researcher at Citizen Lab, says, “This spyware can do everything an iPhone user can do on their device and more.” And because of the zero-click-capability, a user will not receive the usual tell-tale sign that his phone is infected, such as a suspicious link sent via text or email. Thus, an iPhone owner might not discover that his device has been compromised until it is too late.
As a result of this vulnerability, Apple released iOS 14.8 today. You can find it by going to Settings > General > Software Update. Apple says that the update provides important security updates and is recommended for all users. Apple also stated today that its next iOS 15 software update will feature spyware barriers.
