Apple has released a software update to prevent “zero-click” spyware from infecting iPhones and iPads. The weakness, which allows hackers to access devices via the iMessage service even if users do not click on a link or file, was discovered by independent researchers.
According to the experts, the issue impacts all of the technology giant’s operating systems. The security update was released in response to a “maliciously constructed” PDF file, according to Apple.
The vulnerability was found by the Citizen Lab at the University of Toronto while analyzing the iPhone of a Saudi activist who had been a victim of a Pegasus assault.
Apple is addressing the problem in iOS 14.8, iPadOS 14.8, macOS 11.6 and watchOS 7.6.2 software updates for iPhone, iPad, Mac, and Apple Watch. The software updates arrived one day before Apple’s much-anticipated product announcement event. Apple is anticipated to announce the release date for iOS 15, the company’s next major software upgrade, which will include enhanced security features.
Josh Goldfarb, Director of Product Management at F5, commented, “The “zero-click” exploit targeting Apple iPhones marks a very interesting turn for users of technology. Since these particular attacks are generally highly targeted, the risk of infection for most everyday users is quite low. Nevertheless, for users that have been trained on statements like “don’t open email attachments from someone you don’t know”, “don’t click on links in text messages from unknown senders”, and others like them, this is something new entirely. When attackers don’t need us to play along in order to compromise our devices via phishing/vishing/smishing, it opens up a world of possibilities that feels more like sci-fi than real life. It will be interesting to watch how we as a security community adapt and respond to threats like this one in the coming weeks, months, and years.