Why you need to update your Apple products' software ASAP

On Monday, Apple sprinted to release emergency software updates to patch a security vulnerability in its products. The move was in response to an alert from researchers at Citizen Lab, the University of Toronto’s cybersecurity watchdog organization. Researchers there found that a Saudi activist’s iPhone was infected with spyware from an Israeli company, NSO Group, The New York Times reported. The flaw left more than 1.65 billion Apple users worldwide exposed since at least March.

Image: New Pegasus spyware can stealth snoop on users. © Dimitri Karastelev / Unsplash

The timing is less than ideal for the company, which is unveiling its new iPhones today in a keynote event. 

Usually, malicious code worms its way into a device through phishing: a suspicious link arrives by text or email, and the attacker tries to get the user to click on it. But this particular spyware, called Pegasus, could infiltrate Apple devices without the user clicking anything and without setting off any flags that would make the user aware of its presence, through a technique called a “zero-click remote exploit.”

Once Pegasus arrives inside the device, it can access the camera and microphone, as well as the messages, texts, emails, and calls that the user sends and receives. It can even see messages sent through apps that use encrypted messaging, like Signal.

The NSO Group could presumably sell whatever it gleaned from the user’s digital life to its clients, which include governments around the world. Further, the Times has also reported that NSO previously used Pegasus to surveil activists, dissidents, lawyers, doctors, nutritionists and even children in countries like Saudi Arabia, the United Arab Emirates and Mexico. 

Ivan Krstić, Apple’s head of security engineering and architecture, said in statements to multiple outlets that customers should install the latest software updates for the fixes to take effect. These would be iOS 14.8, macOS 11.6 and watchOS 7.6.2. To get there, users should go to their Settings, click the tab that says General, then click Software Update, and tap Download and Install for the latest version that’s available.

“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life and are used to target specific individuals,” Krstić added. John Scott-Railton, a researcher with Citizen Lab, also told WSJ that hacks like these are rare and expensive to fund. 

Toby Lewis, Global Head of Threat Analysis at Darktrace, says in an email to PopSci that “while these attacks are not a threat to most Apple users, criminal attackers could use the access to steal personal data for bigger campaigns, fraud, theft, and potentially even mass user lockout to ask for payment.” 


According to Lewis, cyber-attackers will always target companies like Apple, because their technology is so wide reaching and has become critical to our lives. We use it to do everything from navigating with maps to accessing bank accounts. 

For its security architecture, Apple has long operated a so-called “walled garden” in which the underlying operating system on the phone is completely inaccessible to any third-party applications, Lewis explains. These applications, which can only be installed through the official App Store, undergo careful vetting before being assigned to a compartmentalized area of storage and processing. “The only real way for malware to become installed on an Apple device is by exploiting the underlying operating system – the process known as Jailbreaking,” Lewis says. This is different from systems like Android’s, which is a “more open affair.” 

The benefit of the Android architecture is that it lets users install whatever applications they like, but they don’t have the protections Apple offers. “Even via the official App Store (Google Play), there is only limited vetting and moderation, increasing the risk of malware being installed without the need for a clever exploit,” Lewis says of the Android system.

As a precaution, Lewis advises all users who access proprietary information to update their systems immediately. 

“Overall, Apple has a great track record of working with researchers to identify exploits so they can quickly patch. But that doesn’t mean the zero-day hadn’t already been exploited in the wild before it was identified,” Lewis notes. “The research group who discovered the exploit found it in March while examining a Saudi activist’s phone. Apple issued a patch in September.” 

This exploit follows another systems-related controversy in August, where Apple faced pushback from privacy tech experts after rolling out a feature that would limit the spread of child sex abuse material (CSAM). An open letter addressing the company claimed that the “proposal introduces a backdoor that threatens to undermine fundamental privacy protections for all users of Apple products.”
