Apple rushes out emergency update to stop ‘zero-click’ spyware

In News

Apple has released a software update to prevent “zero-click” spyware from infecting iPhones and iPads. The weakness, which allows hackers to access devices via the iMessage service even if users do not click on a link or file, was discovered by independent researchers.

According to the experts, the issue impacts all of the technology giant’s operating systems. The security update was released in response to a “maliciously constructed” PDF file, according to Apple.

The vulnerability was found by the Citizen Lab at the University of Toronto while analyzing the iPhone of a Saudi activist who had been a victim of a Pegasus assault.

Apple is addressing the problem in iOS 14.8, iPadOS 14.8, macOS 11.6 and watchOS 7.6.2 software updates for iPhone, iPad, Mac, and Apple Watch. The software updates arrived one day before Apple’s much-anticipated product announcement event. Apple is anticipated to announce the release date for iOS 15, the company’s next major software upgrade, which will include enhanced security features.

Josh Goldfarb, Director of Product Management at F5, commented, “The “zero-click” exploit targeting Apple iPhones marks a very interesting turn for users of technology. Since these particular attacks are generally highly targeted, the risk of infection for most everyday users is quite low. Nevertheless, for users that have been trained on statements like “don’t open email attachments from someone you don’t know”, “don’t click on links in text messages from unknown senders”, and others like them, this is something new entirely. When attackers don’t need us to play along in order to compromise our devices via phishing/vishing/smishing, it opens up a world of possibilities that feels more like sci-fi than real life. It will be interesting to watch how we as a security community adapt and respond to threats like this one in the coming weeks, months, and years.

Comments

You may also read!

Safe Security appoints Cherif Sleiman as Chief Revenue Officer to Head EMEA

Safe Security, a pioneer in Cybersecurity & Digital Business Risk Quantification announced its entry into the Europe, Middle East

Read More...

SealPath’s data-centric approach empowers organisations to meet cybersecurity compliance in Saudi Arabia

SealPath, a leading provider of information protection and control solutions, has recently highlighted how its revolutionary data-centric security approach

Read More...

Kaspersky records over 2 million phishing attacks in South Africa, Kenya and Nigeria in H1 2021

There was a reduction in the number of phishing attacks recorded and blocked by Kaspersky (www.Africa.Kaspersky.com)in South Africa (17%

Read More...

Join Our Newsletter!

Love SecurityMEA? We love to tell you about our new stuff. Subscribe to newsletter!

Mobile Sliding Menu