pushed out an emergency software update today to patch a serious vulnerability in its software. Security researchers discovered a flaw that allows spyware from Israel's NSO Group to inject malware into an iPhone, Apple Watch
, or Mac without a single click. Apple has reportedly been working hard since last Tuesday when cybersecurity researchers at Citizen Lab found that an iPhone belonging to a Saudi activist was infected with spyware from the NSO Group.
Apple sends out emergency software updates to the iPhone and the Apple Watch
The spyware is known as Pegasus and it can infect an iPhone user's device without the owner knowing. Once it infects an iPhone, Pegasus can take control of the camera and microphone and activate both. It also can record messages, texts, emails, and calls and send them to NSO's clients at government's around the world. Even encrypted messages sent via apps like Signal are unprotected when Pegasus has infected your phone.
Apple pushes out an emergency software update for the iPhone
One of the researchers who helped discover the spyware, John Scott-Railton, a senior researcher at Citizen Lab, says, "This spyware can do everything an iPhone user can do on their device and more." And because of the zero-click-capability, a user will not receive the usual tell-tale sign that his phone is infected, such as a suspicious link sent via text or email. Thus, an iPhone owner might not discover that his device has been compromised until it is too late.
As a result of this vulnerability, Apple released iOS 14.8 today. You can find it by going to Settings
> Software Update
. Apple says that the update provides important security updates and is recommended for all users. Apple also stated today that its next iOS 15 software update will feature spyware barriers.
According to The New York Times
, NSO Group has said in the past that it sells its spyware only to those governments that meet certain human rights standards. However, over the last six years, the Pegasus spyware has surfaced on the phones of activists, lawyers, dissidents, doctors, children, and nutritionists in countries like the United Arab Emirates, Mexico, and Saudi Arabia. Last month the Washington Post revealed the results of an investigation which showed that phones belonging to 37 journalists and human rights activists were infected
and spyware placed inside these devices.
Two of the 37 phones attacked by the spyware were two women close to slain Saudi journalist and Washington Post columnist Jamal Khashoggi. The latter was reportedly murdered after he wrote articles that were critical of the Saudi Arabian government.
Download and install the emergency updates immediately!
Apple has been repeating the words "Privacy" and "Security" over and over again as though it were a mantra to be chanted by iPhone users. But where is the privacy and security when your phone can be hacked and someone you don't know takes control of the camera and microphone, and your calls and even encrypted messages end up on a screen in a country that you've never stepped foot in?
Citizen Lab's Scott-Railton made it clear how important it is to install Apple's security patch as soon as possible. "Do you own an Apple product?," he said, "Update it today."
You also will need to update your Apple Watch to watchOS 7.6.2. immediately
Apple also rushed out updates to the Apple Watch (watchOS 7.6.2
) and macOS (Big Sur 11.6). If you don't know how to update your Apple Watch, follow these directions. Open up the Watch app on your iPhone and tap on General
> Software Update
. The update will download to your watch and will start to install once the Apple Watch is connected to its charger and is in range of your iPhone running on Wi-Fi with the battery on the watch is at 50% or higher. Do not restart or remove the watch from its charger until the update is complete.