Apple has recently delivered an unscheduled update for iOS, iPadOS, watchOS, and macOS to secure devices from Pegasus spyware, which has been installing without the user’s intervention since February. The four emergency updates are iOS 14.8, iPadOS 14.8, watchOS 7.6.2, and macOS Big Sur 11.6 (click to read details). Cupertino giants recommend all users download and install these updates on their respective devices as soon as possible.
To be clear, these updates do not add any new feature to the operating system but fix major security flaws.
The two main addressed problems are about CoreGraphics Framework in iOS, iPad OS, and macOS and another one from Apple’s Webkit browser engine.
The group of Security researchers from the University of Toronto’s Citizen Lab revealed the threat dubbed “ForcedEntry” to the company, which they found in a security hole (CVE-2021-30860) while inspecting a Saudi activist’s iPhone.
The “zero-click exploit” supporting weakness of i-Messages that may call Apple image rendering library and can damage the device without owner interaction. It is found that this threat can arise in iOS, watchOS, and macOS systems.
According to Citizen Lab, this vulnerability is spreading since February and there is no idea about how many devices are affected till now. “Pegasus spyware can perform every function that uses can do on their device and more,” a senior Security researcher from Citizen lab told The New York Times.
As detailed in our previous articles, the NSO group only sells its spyware to government law enforcement agencies per regional laws and regulations to use it in a positive way. But the spyware is found activated in the devices of non-criminals like journalists, diplomates, etc.
For iPhone and iPad, users can check iOS 14.8 and iPad OS 14.8 update by opening Settings>>General>> Software Update.
For macOS Big Sur 11.6 update open System Preferences menu>>Software Update.