iOS 15 and iPad OS 15 come Monday: How to install Apple's new software

CNET 18 September, 2021 - 02:45pm

When is the Apple Event September 2021?

Apple's "California Streaming" event will be a virtual media event held on Tuesday, September 14, 2021, where the company is expected to unveil the iPhone 13, Apple Watch Series 7, and possibly third-generation AirPods. (Source: MacRumors, "September 2021 Apple Event")

New tweaks and features are coming with iOS 15. 

iOS 15 and iPadOS 15 will be ready to download and install on your iPhone and iPad this Monday, Sept. 20, Apple announced during its iPhone 13 event this week. It also introduced the new iPhone 13, iPhone 13 Pro and iPhone 13 Mini -- all available for preorder now -- and its newest iPad, iPad Mini and Apple Watch Series 7. The software updates come with an array of new features for iPhones and iPads. 

Apple added new FaceTime features that, for the first time, will let Android and PC users participate, and iMessage improvements that make it easier to track links and photos your friends have sent. The iPad is getting a complete home screen makeover, and multitasking is finally receiving the boost it's needed for years.

Below, we'll explain how to install iOS 15 on your iPhone and iPadOS 15 on your iPad once it's time. For now, make sure to get your devices ready ahead of time -- we'll tell you how to do that, too. 

Make sure to clear out any clutter, such as photos and apps you don't need anymore, to free up storage on your phone. If you haven't done so recently, you'll also want to create a fresh backup so you don't lose anything important on your device. (Here's a guide that'll walk you through how to do it all.) Once you've done this, your phone and iPad will be ready for iOS 15 and iPadOS 15.

Once the update goes live on Monday -- Apple usually launches updates around 10 a.m. PT (1 p.m. ET, 6 p.m. BST) -- you'll install it just like any other software update. It's a good idea to have your device plugged into a charger to ensure that the update doesn't drain the battery, and a strong Wi-Fi connection will help speed up the process without burning through your data plan. On an iPhone, follow these steps:

1. Open the Settings app.

2. Select General

Your device will connect to Apple's servers and prompt you to download and install the update. Follow the prompts to complete the installation. When your device reboots, it will be running iOS 15. Follow the same steps with an iPad to update it to iPadOS 15.

Apple Security Update Closes Spyware Flaw in iPhones, Macs and iWatches

The New York Times 20 September, 2021 - 03:30am

Researchers at Citizen Lab found that NSO Group, an Israeli spyware company, had infected Apple products without so much as a click.

Apple issued emergency software updates for a critical vulnerability in its products on Monday after security researchers uncovered a flaw that allows highly invasive spyware from Israel’s NSO Group to infect anyone’s iPhone, iPad, Apple Watch or Mac computer without so much as a click.

Apple’s security team had worked around the clock to develop a fix since Tuesday, after researchers at Citizen Lab, a cybersecurity watchdog organization at the University of Toronto, discovered that a Saudi activist’s iPhone had been infected with an advanced form of spyware from NSO.

The spyware, called Pegasus, used a novel method to invisibly infect Apple devices without victims’ knowledge. Known as a “zero click remote exploit,” it is considered the Holy Grail of surveillance because it allows governments, mercenaries and criminals to secretly break into someone’s device without tipping the victim off.

Using the zero-click infection method, Pegasus can turn on a user’s camera and microphone, record messages, texts, emails, calls — even those sent via encrypted messaging and phone apps like Signal — and send them back to NSO’s clients at governments around the world.

“This spyware can do everything an iPhone user can do on their device and more,” said John Scott-Railton, a senior researcher at Citizen Lab, who teamed up with Bill Marczak, a senior research fellow at Citizen Lab, on the finding.

The discovery means that more than 1.65 billion Apple products in use worldwide have been vulnerable to NSO’s spyware since at least March. It signals a serious escalation in the cybersecurity arms race, with governments willing to pay whatever it takes to spy on digital communications en masse, and with tech companies, human rights activists and others racing to uncover and fix the latest vulnerabilities that enable such surveillance.

Click Install Now to update to iOS 14.8.

The spyware was able to:

Turn on a user’s camera and microphone.

Record their messages, texts, emails and calls.

Because of how sophisticated the software was, it’s hard to know whose devices had been compromised. It is critical to update your iPhone and other Apple devices — iPads, Mac computers and Apple Watch — with the new software as soon as possible.

On Monday, Ivan Krstić, Apple’s head of security engineering and architecture, commended Citizen Lab for its findings and urged customers to run the latest software updates for the fixes to take effect, by installing iOS 14.8, MacOS 11.6 and WatchOS 7.6.2.

“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life and are used to target specific individuals,” Mr. Krstić said.

Apple has said it plans to introduce new security defenses for iMessage, Apple’s texting application, in its next iOS 15 software update, expected later this year.

NSO did not immediately respond to inquiries on Monday.

NSO has long drawn controversy. The company has said that it sells its spyware only to governments that meet strict human rights standards and that it expressly requires customers to agree to use its spyware only to track terrorists or criminals.

But over the past six years, NSO’s Pegasus spyware has turned up on the phones of activists, dissidents, lawyers, doctors, nutritionists and even children in countries like Saudi Arabia, the United Arab Emirates and Mexico.

Starting in 2016, a series of New York Times investigations revealed the presence of NSO’s spyware on the iPhones of Emirati activists lobbying for expanded voting rights; Mexican nutritionists lobbying for a national soda tax; lawyers looking into the mass disappearance of 43 Mexican students; academics who helped write anti-corruption legislation; journalists in Mexico and England; and an American representing victims of sexual abuse by Mexico’s police.

In July, NSO became the subject of further scrutiny after Amnesty International, the human rights watchdog, and Forbidden Stories, a group that focuses on free speech, teamed up with a consortium of media organizations on “The Pegasus Project” to publish a list of 50,000 phone numbers, including some used by journalists, government leaders, dissidents and activists, that they said had been selected as targets by NSO’s clients.

The consortium did not disclose how it had obtained the list, and it was unclear whether the list was aspirational or whether the people had actually been targeted with NSO spyware.

Among those listed were Azam Ahmed, who had been the Mexico City bureau chief for The Times and who has reported widely on corruption, violence and surveillance in Latin America, including on NSO itself; and Ben Hubbard, The Times’s bureau chief in Beirut, Lebanon, who has investigated rights abuses and corruption in Saudi Arabia and wrote a recent biography of the Saudi crown prince, Mohammed bin Salman.

It also included 14 heads of state, including President Emmanuel Macron of France, President Cyril Ramaphosa of South Africa, Prime Minister Mostafa Madbouly of Egypt, Prime Minister Imran Khan of Pakistan, Saad-Eddine El Othmani, who until recently was the prime minister of Morocco, and Charles Michel, the head of the European Council.

Shalev Hulio, a co-founder of NSO Group, vehemently denied the list’s accuracy, telling The Times, “This is like opening up the white pages, choosing 50,000 numbers and drawing some conclusion from it.”

This year marks a record for the discovery of so-called zero days, secret software flaws like the one that NSO used to install its spyware. This year, Chinese hackers were caught using zero days in Microsoft Exchange to steal emails and plant ransomware. In July, ransomware criminals used a zero day in software sold by the tech company Kaseya to bring down the networks of some 1,000 companies.

For years, the spyware industry has been a black box. Sales of spyware are locked up in nondisclosure agreements and are frequently rolled into classified programs, with limited, if any, oversight.

NSO’s clients previously infected their targets using text messages that cajoled victims into clicking on links. Those links made it possible for journalists and researchers at organizations like Citizen Lab to investigate the possible presence of spyware. But NSO’s new zero-click method makes the discovery of spyware by journalists and cybersecurity researchers much harder.

“The commercial spyware industry is going darker,” said Mr. Marczak, the Citizen Lab researcher. Mr. Marczak said he was first approached by the Saudi activist in March. But it was only last week that he was able to parse evidence from the activist’s phone and uncover digital crumbs similar to those on the iPhones of other Pegasus targets.

Mr. Marczak said he found that the Saudi activist, who declined to be identified, had received an image. That image, which was invisible to the user, exploited a vulnerability in the way that Apple processes images and allowed the Pegasus spyware to be quietly downloaded onto Apple devices. With the victim none the wiser, his or her most sensitive communications, data and passwords were siphoned off to servers at intelligence and law-enforcement agencies around the globe.

Citizen Lab said the scale and scope of the operation was unclear. Mr. Marczak said, based on the timing of his discovery of Pegasus on the Saudi activist’s iPhone and other iPhones in March, it was safe to say the spyware had been siphoning data from Apple devices for at least six months.

The zero-click exploit, which Citizen Lab dubbed “Forcedentry,” was among the most sophisticated exploits discovered by forensics researchers. In 2019, researchers uncovered that a similar NSO zero-click exploit had been deployed against 1,400 users of WhatsApp, the Facebook messaging service. Last year, Citizen Lab found a digital trail suggesting NSO may have a zero-click exploit to read Apple iMessages, but researchers never discovered the full exploit.

NSO was long suspected of having a zero-click capability. A 2015 hack of one of NSO’s chief competitors, Hacking Team, a Milan-based spyware outfit, revealed emails showing Hacking Team executives scrambling to match a remote, zero-click exploit that its customers claimed NSO had developed. That same year, a Times reporter obtained NSO marketing materials for prospective new clients that mentioned a remote, zero-click capability.

Proof of the capability never turned up.

“Today was the proof,” Mr. Marczak said.

Forcedentry was the first time that researchers successfully recovered a full, zero-click exploit on the phones of activists and dissidents. When such discoveries are revealed, governments and cybercriminals typically try to exploit vulnerable systems before users have a chance to patch them, making timely patching critical.

Mr. Scott-Railton urged Apple customers to run their software updates immediately.

“Do you own an Apple product? Update it today,” he said.

Apple's iPhone fix and everything else you need to know about Pegasus spyware

CNET 17 September, 2021 - 10:03am

It's a doozy of a digital spying case. Security researchers have found evidence of attempted or successful installations of Pegasus, software made by Israel-based cybersecurity company NSO Group, on 37 phones of activists, journalists and businesspeople. The phones' owners appear to have been targets of secret surveillance by software that's intended to help governments pursue criminals and terrorists.

Pegasus has been a politically explosive issue that's put Israel under pressure from activists and from governments worried about misuse of the software. France and the United States have raised concerns, and NSO has suspended some countries' Pegasus privileges.

It hasn't helped Apple's reputation as a trustworthy technology supplier, either. On Monday, though, Apple fixed a security hole that Pegasus exploited for installation on iPhones, The New York Times reported and Apple confirmed. Malware often uses collections of such vulnerabilities to gain a foothold on a device and then expand privileges to become more powerful. NSO Group's software also runs on Android phones.

The phones were on an activist organization's list of more than 50,000 phone numbers for politicians, judges, lawyers, teachers and others. Also on that list are 10 prime ministers, three presidents and a king, according to an international investigation released in mid-July by The Washington Post and other media outlets, though there's no proof that being on the list means an attack was attempted or successful.

Pegasus is the latest example of how vulnerable we all are to digital prying. Our most personal information -- photos, text messages and emails -- is stored on our phones. Spyware can reveal directly what's going on in our lives, bypassing the encryption that protects data sent over the internet.

The 50,000 phone numbers are connected to phones around the world, though NSO disputes the link between the list and actual phones targeted by Pegasus. The devices of dozens of people close to Mexican President Andrés Manuel López Obrador were on the list, as were those belonging to reporters at CNN, the Associated Press, The New York Times and The Wall Street Journal. But phones from several on the list, including Claude Mangin, the French wife of a political activist jailed in Morocco, were infected or attacked.

Here's what you need to know about Pegasus.

NSO Group is a company that licenses surveillance software to government agencies. The company says its Pegasus software provides a valuable service because encryption technology has allowed criminals and terrorists to go "dark." The software runs secretly on smartphones, shedding light on what their owners are doing. Other companies provide similar software.

Chief Executive Shalev Hulio co-founded the company in 2010. NSO also offers other tools that locate where a phone is being used, defend against drones and mine law enforcement data to spot patterns.

NSO has been implicated by previous reports and lawsuits in other hacks, including a reported hack of Amazon founder Jeff Bezos in 2018. A Saudi dissident sued the company in 2018 for its alleged role in hacking a device belonging to journalist Jamal Khashoggi, who had been murdered inside the Saudi embassy in Turkey that year.

Pegasus is NSO's best-known product. It can be installed remotely without a surveillance target ever having to open a document or website link, according to The Washington Post. Pegasus reveals all to the NSO customers who control it -- text messages, photos, emails, videos, contact lists -- and can record phone calls. It can also secretly turn on a phone's microphone and cameras to create new recordings, The Washington Post said.

General security practices like updating your software and using two-factor authentication can help keep mainstream hackers at bay, but protection is really hard when expert, well-funded attackers concentrate their resources on an individual.

Pegasus isn't supposed to be used to go after activists, journalists and politicians. "NSO Group licenses its products only to government intelligence and law enforcement agencies for the sole purpose of preventing and investigating terror and serious crime," the company says on its website. "Our vetting process goes beyond legal and regulatory requirements to ensure the lawful use of our technology as designed."

Human rights group Amnesty International, however, documents in detail how it traced compromised smartphones to NSO Group. Citizen Lab, a Canadian security organization at the University of Toronto, said it independently validated Amnesty International's conclusions after examining phone backup data.

Forbidden Stories, a Paris journalism nonprofit, and Amnesty International, a human rights group, shared with 17 news organizations a list of more than 50,000 phone numbers for people believed to be of interest to NSO customers.

The news sites confirmed the identities of many of the individuals on the list and infections on their phones. Of data from 67 phones on the list, 37 exhibited signs of Pegasus installation or attempted installation, according to The Washington Post. Of those 37 phones, 34 were Apple iPhones.

The list of 50,000 phone numbers includes French President Emmanuel Macron, Iraqi President Barham Salih and South African President Cyril Ramaphosa. Also on it are seven former prime ministers and three current ones, Pakistan's Imran Khan, Egypt's Mostafa Madbouly and Morocco's Saad-Eddine El Othmani. King Mohammed VI of Morocco also is on the list.

In addition to Mangin, two journalists at Hungarian investigative outlet Direkt36 had infected phones, The Guardian reported. 

A Pegasus attack was launched on the phone of Hanan Elatr, wife of murdered Saudi columnist Jamal Khashoggi, The Washington Post said, though it wasn't clear if the attack succeeded. But the spyware did make it onto the phone of Khashoggi's fiancee, Hatice Cengiz, shortly after his death.

And seven people in India were found with infected phones, including five journalists and one adviser to the opposition party critical of Prime Minister Narendra Modi, The Washington Post said.

NSO acknowledges its software can be misused. It cut off two customers in the last 12 months because of concerns about human rights abuses, according to The Washington Post. "To date, NSO has rejected over US $300 million in sales opportunities as a result of its human rights review processes," the company said in a June transparency report.

However, NSO strongly challenges any link to the list of phone numbers. "There is no link between the 50,000 numbers to NSO Group or Pegasus," the company said in a statement.

"Every allegation about misuse of the system is concerning me," Hulio told the Post. "It violates the trust that we give customers. We are investigating every allegation."

NSO blocked some governments from using Pegasus while it investigates the current situation, NPR reported. In the past, NSO had also blocked Saudi Arabia, Dubai in the United Arab Emirates, and some Mexican government agencies from using the software, The Washington Post reported.

In a statement, NSO denied "false claims" about Pegasus that it said were "based on misleading interpretation of leaked data." Pegasus "cannot be used to conduct cybersurveillance within the United States," the company added.

NSO didn't comment about suspending some countries' ability to use Pegasus or about its actions to ensure its software is used as intended.

President Joe Biden's top Middle East adviser met with an official with Israel's Ministry of Defense to express concern, The Washington Post and Axios reported.

Macron changed one of his mobile phone numbers and requested new security checks, Politico reported. He convened a national security meeting to discuss the issue. Macron also raised Pegasus concerns with Israeli Prime Minister Naftali Bennett, calling for the country to investigate NSO and Pegasus, The Guardian reported. The Israeli government must approve export licenses for Pegasus.

Israel created a review commission to look into the Pegasus situation. And on July 28, Israeli defense authorities inspected NSO offices in person.

European Commission chief Ursula von der Leyen said that if the allegations are verified, Pegasus use is "completely unacceptable." She added, "Freedom of media, free press is one of the core values of the EU."

The Nationalist Congress Party in India demanded an investigation of Pegasus use.

Edward Snowden, who in 2013 leaked information about US National Security Agency surveillance practices, called for a ban on spyware sales in an interview with The Guardian. He argued that such tools otherwise will soon be used to spy on millions of people. "When we're talking about something like an iPhone, they're all running the same software around the world. So if they find a way to hack one iPhone, they've found a way to hack all of them," Snowden said.

Amnesty International released an open-source utility called MVT (Mobile Verification Toolkit) that's designed to detect traces of Pegasus. The software runs on a personal computer and analyzes data including backup files exported from an iPhone or Android phone.
