All Apple users need to update their iPhones, iPads, Apple Watches, and Mac PCs and laptops immediately to save themselves from a zero-click, zero-day vulnerability in the iMessage app that is actively being used to install the NSO Group’s Pegasus spyware.
I realize there’s a lot to unpack there, so first, let’s quickly explain what this vulnerability is and why it’s so serious. Then we’ll cover which updates you need to install right now to keep your devices and your data safe.
On Monday, security researchers at the University of Toronto’s Citizen Lab published a report claiming the Israel-based cybersecurity outfit NSO Group used a “zero-day, zero-click” exploit in the iMessage app’s code (now known as CVE-2021-20860, aka “FORCEDENTRY”) to infect a Saudi activist’s phone with Pegasus—a comprehensive spyware program that can track all activity on a victim’s device and which leaves practically no trace it has been installed on a device.
Normally, the affected user would have to download a malicious file, click a link, or install an infected app for a hacker to remotely install malware like Pegasus, but the Citizen Lab says NSO Group used the iMessage bug to send a totally invisible message laced with the malware to the activist’s phone, and Pegasus installed itself automatically. The activist never saw the message or knew Pegasus was installed, and didn’t have to interact with any malicious files to trigger the attack—hence why it’s called a “zero-click” exploit.
Apple immediately acknowledged and documented the bug following the report, then issued emergency security updates for the affected devices.
Installing the new patches is the only way to fix the bug. While it’s exceedingly unlikely NSO Group would target the average Apple user, the bug is now a proven vector that any hacker with the right skills could exploit—so go download and install the latest security patch for every Apple device you own right now.
iPhone, iPad, and Apple Watch users can start the download under Settings > General > Software Update. Mac updates are available in the Apple menu under System Preferences > Software Update.
You will want to be on the following firmware versions to make sure the vulnerability is closed:
iOS 14.8
iPadOS 14.8
watchOS 7.6.2
macOS Big Sur 11.6
Additionally, macOS Catalina users need to install security update 2021-005. You can see a list of the latest security updates in the Apple Menu under About This Mac > Overview > System Report > Software > Installations.
[Gizmodo]
Edge’s experimental sidebar has been available in Edge Canary since August, but the highly-requested feature is now live in the browser’s developer bu
Apple is extending free repair eligibility for several older MacBook models facing known screen issues.First, Apple has extended the 13-inch MacBook P
YouTube has a copyright issue. While the platform’s AI-powered Content ID prevents illegal uploads of copyrighted material, it often hits legitimate c
Instagram is adding two new anti-harassment tools aimed at cutting down abusive messages you might receive on the platform. Here’s a quick look at how
We’ve all had those horrifying moments (maybe some of us more often than others) when we realize we just sent an important email with an embarrassing
Google Photo’s Memories are one of the fun consequences of handing our photo collections over to AI; the feature groups photos and videos together to
It’s easy to forget the password to an account like Apple ID. While it’s integral to your entire Apple ecosystem, it’s likely not an account you sign
The MacBook Pros are finally pro machines again. Now that the ports are back, and Apple has upgraded the power and the design, it’s your turn to upgra
We are a comprehensive and trusted information platform dedicated to delivering high-quality content across a wide range of topics, including society, technology, business, health, culture, and entertainment.
From breaking news to in-depth reports, we adhere to the principles of accuracy and diverse perspectives, helping readers find clarity and reliability in today’s fast-paced information landscape.
Our goal is to be a dependable source of knowledge for every reader—making information not only accessible but truly trustworthy. Looking ahead, we will continue to enhance our content and services, connecting the world and delivering value.
