Go Update Your iPhone, iPad, Mac, and Apple Watch Right Now

The headline says it all, folks. Apple just released an emergency patch for a security flaw that let NSO Group’s horrifying Pegasus spyware infect a target’s Apple devices—including their iPhones, iPads, Macs, and Apple Watches.

Are you, personally, likely to be targeted by shadowy hackers-for-hire? Probably not. But that doesn’t mean there’s a good reason to leave your Apple devices vulnerable.

To ensure your devices have received the update, check that you’re running iOS 14.8, iPadOS 14.8, watchOS 7.6.2, macOS Big Sur 11.6, or security update 2021-005 for macOS Catalina. According to Apple, compatible iOS and iPadOS devices include: “iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).”

The zero-day exploit was uncovered by security researchers at the University of Toronto’s Citizen Lab, who put out a report detailing the exploit earlier today. Apple tracks the vulnerability as CVE-2021-30860 and credits Citizen Lab for finding it.

Citizen Lab researchers say they stumbled on the flaw when looking into a Pegasus-infected phone that belonged to a Saudi activist, and found that NSO Group had likely exploited a so-called “zero-click” vulnerability in iMessage to get Pegasus onto the device. Unlike most low-level malware, these kinds of exploits require zero input on the user’s part—all NSO needed to do to break into this activist’s device was send over an invisible, malware-laden iMessage without their knowledge, according to the researchers. Past Citizen Lab reports have detailed NSO’s zero-click attacks on other devices, noting that in many cases, those harboring an infected device “may not notice anything suspicious” is actually happening…