You should update your iPhone, iPad, Watch and Mac right now

Image c/o: Photo by GotCredit

Today is a really good time to update your iPhones, iPads, Macs, and Apple Watch as Cupertino has published an essential software update to protect you and your device against an insidious exploit developed and sold for a profit by notorious Israeli hackers, the NSO Group.

Defend yourselves against creepy spyware

The hack, dubbed ‘Pegasus’, was a zero-day vulnerability that exploited an iMessage flaw to install spyware onto people’s devices. All it took to be infected was receiving the message – you didn’t even need to open it. The exploit broke through Apple’s most recent BlastDoor defences.

The exploit was widely used to target many high-profile activists. It gave governments almost complete access to target devices, including data, photos, messages, location and more.

Amnesty identified over 180 journalists in 20 nations who were targeted, including in Azerbaijan, Hungary, India and Morocco. The list even includes the editor of the Financial Times.

Today, September 13th, Apple is releasing an update that patches CVE-2021-30860. We urge everyone to immediately update all Apple devices.

— Citizen Lab (@citizenlab) September 13, 2021

Apple is urging all users to install the update, warning that one vulnerability “may have been actively exploited”, as discovered by Citizen Lab, which calls the flaw “Forced Entry”. Citizen Lab warns that messaging apps are a big target for nation state hackers.

[Also read: Now we know who broke all the Apple Shortcuts in 2021]

The update is available for Macs, iPhones, iPads and the Apple Watch and you should install it immediately.

‘We continue to work tirelessly to defend all our customers’

In a statement provided to TechCrunch, Apple’s head of security engineering and architecture Ivan Krstić said:

“After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users. We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly. Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data,” said Krstić.

You can learn more concerning this invidious attack here.

“NSO claims its spyware is undetectable and only used for legitimate criminal investigations,” Etienne Maynier, a technologist at Amnesty International’s Security Lab said of the attack at the time. “We have now provided irrefutable evidence of this ludicrous falsehood.”

“The number of journalists identified as targets vividly illustrates how Pegasus is used as a tool to intimidate critical media,” said Agnès Callamard, secretary general of Amnesty International. “It is about controlling public narrative, resisting scrutiny, and suppressing any dissenting voice.”

How to update your device

You should update your device today.

Update iPhone or iPad: Settings>General>Software updates and you’ll be guided through the process, though you will need to connect your device to power.

Update Apple Watch: Once your iPhone is updated you can improve security on your Watch. Open Watch>General>Software Update on your iPhone and follow the prompts.

Update your Mac: Open System Preferences>Software Update and follow the instructions.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.