Don’t ignore the software update if you are one of those people who ignores them. Apple has released an emergency update to iOS and macOS operating system systems after a major security flaw was discovered by a cyber security company. This zero-click vulnerability could infect your Apple device without you even knowing.
This report from the University of Toronto’s Citizen Lab shows that the ForcedEntry zero click exploit can compromise almost all Apple devices, including phones, tablets and smartwatches.
Citizen Lab researchers discovered ForcedEntry signs in March when they were analyzing the phone of a Saudi activist infected by spyware from the NSO Group. The Israeli spyware company was accused of selling software to spy on individuals worldwide, including journalists and activists. Citizen Lab informed Apple about its findings on September 7th, a week before it released its report to public. This prompted the emergency update.
ForcedEntry doesn’t just work. This exploits a major security flaw in iMessage (Apple’s built-in messaging platform). It works like this: A hacker sends an invisble text message to the victim. This gives them full access to their device. The hacker can also install spyware to monitor their calls and remotely access their cameras. These zero-click exploits are so terrifying because victims often don’t realize it until too late.
NSO Group was also implicated in a zero-click attack that occurred back in 2019. NSO discovered a similar vulnerability on Whatsapp, and infected over 1400 people connected to a Human Rights Facebook page with its spyware. At this time, it’s not known how many phones were compromised or targeted. NSO Group denies all allegations of wrongdoing.
Citizen Lab concludes its report by calling for regulation of companies such as NSO Group.
“Our latest discovery of yet another Apple zero day (term for a computer-software vulnerability is known to interested parties) employed as part of NSO Group’s arsenal further illustrates that companies like NSO Group are facilitating ‘despotism-as-a-service’ for unaccountable government security agencies. This growing, profitable, and dangerous market must be regulated.”
You can protect your Apple products and yourself by making sure that all of your Apple devices are updated with the latest software update on Monday, September 13. Apple expects to announce a new slate of devices today. It will also address the emergency fix during the keynote.