Apple releases emergency software update to fix spyware flaw

Technology

9News.com KUSA 13 September, 2021 - 03:37pm 3 views

How do I update my Iphone?

To update your iPhone or iPad Go to Settings. Tap General. Tap Software Update. Plug in your device or make sure it has 50% battery life or more. USA TODAYDo you own an iPhone or iPad? Update your Apple devices right now.

When is the new IOS coming out?

iOS 15 release date: September 2021 Apple revealed iOS 15 at its annual Worldwide Developers Conference on June 7, as is typical. The new OS was first available for developers to test and became available to download as a public beta on June 30. CNETiOS 15: Release date, new features and everything else we know after Apple's event

When is the Apple Event September 2021?

Apple's "California Streaming" event will be a virtual media event held on Tuesday, September 14, 2021, where the company is expected to unveil the iPhone 13, Apple Watch Series 7, and possibly third-generation AirPods. Mac RumorsSeptember 2021 Apple Event on MacRumors

Apple on Monday released security updates for its iPhone, iPad, Apple Watch and Mac computers that close a vulnerability reportedly exploited by invasive spyware built by NSO Group, an Israeli security company. 

The tech giant's security note for iOS 14.8 and iPadOS 14.8 says: "Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." Apple also released WatchOS 7.6.2, MacOS Big Sur 11.6 and a security update for MacOS Catalina to address the vulnerability. 

The fix, earlier reported by The New York Times, stems from research done by The Citizen Lab, a public interest cybersecurity group that found a Saudi activist's phone had been infected with Pegasus, NSO Group's best-known product. According to Citizen Lab, the zero-day zero-click exploit against iMessage, which it nicknamed ForcedEntry, targets Apple's image rendering library and was effective against the company's iPhones, laptops and Apple Watches. 

Read more: Check if your iPhone is infected with Pegasus spyware with this free tool

Citizen Lab, which is based at the University of Toronto, says it determined NSO used the vulnerability to remotely infect devices with its Pegasus spyware, adding that it believes that the exploit has been in use since at least February. It urged all Apple users to immediately update their operating systems.

"Ubiquitous chat apps have become a major target for the most sophisticated threat actors, including nation state espionage operations and the mercenary spyware companies that service them," Citizen Lab said in a report. "As presently engineered, many chat apps have become an irresistible soft target."

News of the security update comes as Apple readies for one of its most important annual events, the fall rollout of new products. On Tuesday, the company is expected to take the wraps off new iPhones, iPads and Apple Watches. Concerns over the security of those products would likely affect sales. 

Read more: Watch iPhone 13 launch live: How to watch Apple's event today

Apple thanked Citizen Lab for providing a sample of the exploit, which the iPhone maker said wasn't a threat to most of its users.

"Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals," Ivan Krstić, who runs Apple's security engineering and architecture operations, said in a statement. "While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data."

Stay up-to-date on the latest news, reviews and advice on iPhones, iPads, Macs, services and software.

In July, researchers found evidence of attempted or successful installations of Pegasus on 37 phones of activists, journalists and businesspeople. All but three of the devices were iPhones. Some of the people appear to have been targets of secret surveillance through Pegasus, software that's supposed to be used to pursue criminals and terrorists. The spyware is reportedly capable of accessing and recording texts, videos, photos and web activity as well as passively recording and scraping passwords on a device. 

NSO released a statement late Monday that didn't directly address Apple's update but said it "will continue to provide intelligence and law enforcement agencies around the world with life saving technologies to fight terror and crime."

The company, which licenses surveillance software to government agencies, says its Pegasus software helps authorities combat criminals and terrorists who take advantage of encryption technology to go "dark." Pegasus runs secretly on smartphones, providing insight into what their owners are doing. Other companies provide similar software.

CEO Shalev Hulio co-founded the company in 2010. In addition to Pegasus, NSO offers other tools that locate where a phone is being used, defend against drones and mine law enforcement data to spot patterns.

NSO has been implicated in other hacks, including the high-profile hack of Amazon founder Jeff Bezos in 2018. In the same year, a Saudi dissident sued the company for its alleged role in hacking a device belonging to journalist Jamal Khashoggi, who was murdered inside the Saudi embassy in Turkey.

Read full article at 9News.com KUSA

Apple Rushes to Block Spyware

Bloomberg Markets and Finance 14 September, 2021 - 03:02pm

Technology Stories