Apple has urgently rolled out software updates to counter a newly discovered “zero-click” vulnerability that allows spyware to infiltrate its devices. Owners of iPhones, iPads, and Macs, and even Apple Watches should immediately update their device by following the instructions at the bottom of this article.
Metro UK reports that Apple has released critical updates aimed at patching two zero-day exploit chains. This comes on the heels of a startling discovery by Citizen Lab, a Washington DC-based civil society organization, which found that a “zero-click” vulnerability could deliver the notorious Pegasus mercenary spyware to Apple devices. A zero-click vulnerability is one in which hackers and other bad actors can infect a phone without tricking the user into downloading an app or clicking/tapping a link in an email or other method of communication.
John Scott-Railton, a researcher for Citizen Lab, took to social media last Thursday to announce, “Last week we @citizenlab discovered a new #Pegasus zero-click exploit chain (No clicking required to infect latest iOS!).” He urged Apple users to update their devices immediately.
🚨 Update your @apple products immediately!
— John Scott-Railton (@jsrailton) September 7, 2023
Last week we @citizenlab discovered a new #Pegasus zero-click exploit chain.
(No clicking required to infect latest iOS!)
Found while checking civil society.
Disclosed to Apple which rushed a patch 1/ https://t.co/NN6LWCbwAj pic.twitter.com/zN3cotBCMk
Citizen Lab, known for its investigations into government malware, elaborated that the spyware could compromise iPhones running the latest iOS version without requiring any interaction from the user. This revelation has raised questions about the efficacy of Apple’s security measures, given that the company has long prided itself on its robust security protocols.
One of the zero-day bugs, identified as CVE-2023-41064, made a range of Apple devices—including iPhones, iPads, Macs, and Apple Watches—vulnerable to attacks when processing a “maliciously crafted image.” Another bug, CVE-2023-41061, could compromise devices if they received a “maliciously crafted attachment.”
Apple acknowledged the issue and thanked Citizen Lab for bringing it to their attention. The tech giant has integrated the necessary patches into its regular software updates for iOS, macOS, iPadOS, and watchOS.
How to Update Your Apple Devices:
- Go to “Settings” on your Apple device.
- Scroll down and tap “General.”
- Tap “Software Update.”
- If an update is available, tap “Download and Install.”
Read more at Metro UK here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan