Update Your Apple Devices Now to Fix This Severe IMessage Error
All Apple users need to immediately update their iPhones, iPads, Apple Watch, PCs and Macs to avoid a zero-day vulnerability in the iMessage app, which is heavily used to install NSO Group’s Pegasus spyware.
I understand there is a lot to unpack here, so first let’s quickly explain what this vulnerability is and why it is so serious. Then we’ll take a look at what updates you need to install right now to keep your devices and data safe.
On Monday, security researchers at the University of Toronto’s Citizen Lab released a report claiming that the Israeli cybersecurity arm of the NSO Group used a zero-day, zero-click exploit in the code of an iMessage app (now known as CVE-2021-20860). , also known as “FORCEDENTRY”) to infect the phone of the Saudi activist Pegasus , a complex spyware program that can track everything on a victim’s device and leaves little to no trace that it was installed on the device.
Typically, an affected user has to download a malicious file, click a link, or install an infected application for a hacker to remotely install malware like Pegasus, but Citizen Lab says NSO Group used the iMessage bug to send a completely invisible message. with malware on the activist’s phone, and Pegasus was installed automatically. The activist never saw the message and did not know that Pegasus was installed and did not need to interact with any malicious files to trigger an attack – which is why it is called a zero-click exploit.
Apple immediately acknowledged and documented the bug following the report, and then released emergency security updates for the affected devices.
Installing new patches is the only way to fix the bug. While it’s highly unlikely that the NSO Group will target the average Apple user, this bug is now a proven vector that any hacker with the right skill can use, so download and install the latest security patch for every Apple device you own right now.
IPhone, iPad, and Apple Watch users can start the download by going to Settings> General> Software Update. Mac updates are available from the Apple menu under System Preferences> Software Update.
You need to use the following firmware versions to make sure the vulnerability is closed:
- iOS 14.8
- iPadOS 14.8
- watchOS 7.6.2
- macOS Big Sur 11.6
Additionally, macOS Catalina users must install Security Update 2021-005 . You can see a list of the latest security updates in the Apple menu under About This Mac> Overview> System Report> Software> Preferences.
[ Gizmodo ]