Hub - Security

14th September 2021

Apple Releases Urgent Update to Patch Zero-Day Exploit

Apple has released an urgent, critical software patch to fix a major security vulnerability, after researchers found spyware could exploit it to hack directly into iPhones and other Apple devices.

The vulnerability was found on 7 September 2021, following which, Apple was immediately alerted to the threat. The malicious software takes control of an Apple device by first sending malicious image files embedded in a message through iMessage, the company’s default messaging app, and then hacking through a flaw in how Apple processes images and then utilises Pegasus spyware.

The iMessage security vulnerability makes the phones susceptible to eavesdropping and remote data theft, and is applied to all Apple devices. Pegasus can turn on a user’s camera and microphone, record messages, texts, emails, calls — even those sent via encrypted messaging and phone apps like Signal — and send them back to the attacker.

Pegasus doesn’t require users to click on any suspected link or open infected files and is considered the pinnacle in surveillance technology, as it allows hackers to break into a person’s phone without alerting the victim.

It is recommended that all Apple device users should update their phone, iPad, and Mac device’s iOS software immediately to mitigate this risk.

The latest from CTS