In the last weeks, the tech giant posted a security note for iOS 14.8 and iPadOS 14.8 that said some malicious PDFs could take advantage of its operating systems. “Processing a maliciously crafted PDF may lead to arbitrary code execution,” the note read. “Apple is aware of a report that this issue may have been actively exploited.”
Apple also released WatchOS 7.6.2, MacOS Big Sur 11.6 and a security update for MacOS Catalina to address the vulnerability. The patches came a day before Apple’s splashy fall event that rolled out new crops of iPhones and iPads, along with the latest Apple Watch. The company also said at the event that iOS 15 and iPadOS 15 would be generally available for free download starting on Sept. 20.
Citizen Lab, a critically acclaimed group of cyber security researchers under the University of Toronto, reportedly helped Apple uncover the vulnerabilities in its systems that enabled Pegasus. In response, Apple’s head of security engineering and architecture, Ivan Krstic, reportedly commended Citizen Lab for its assistance on the matter, courtesy its findings on how Pegasus works. The software patches have now been released with immediate effect, and according to a report by The New York Times, over 1.65 billion Apple devices should get this update.
“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” Ivan Krstić, who runs Apple’s security engineering and architecture operations, said in a statement. “While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”
Pegasus is a notorious cyber espionage tool – possibly the most well-known spyware for personal usage. Developed by the Israeli NSO Group, Pegasus is a specialist malware that can infiltrate user devices with little to no user assistance, making it super difficult to protect against even for savvy users. It then escalates its system privilege to gain root-level access to devices, and in effect, can see and hear every single thing that a user can on their phone. The tool has reportedly been offered to NSO’s clients around the world who work on behalf of national governments, although the NSO Group has largely denied its enablement of such cyber warfare tools.
NSO released a statement late Monday that didn’t directly address Apple’s update but said it “will continue to provide intelligence and law enforcement agencies around the world with life saving technologies to fight terror and crime.”
The company, which licenses surveillance software to government agencies, says its Pegasus software helps authorities combat criminals and terrorists who take advantage of encryption technology to go “dark.” Pegasus runs secretly on smartphones, providing insight into what their owners are doing. Other companies provide similar software.
However, the latest expose of Pegasus clearly showed how the spyware infiltrated Apple devices, which have long been known to offer better security standards than its counterparts from the world of Android. While this raised multiple questions regarding the perceived lofty security standards of Apple (and whether they were, in fact, more hype than reality), the existence of zero-click tools such as Pegasus also reflects on the millions of dollars being spent to develop advanced cyber warfare tools.
Even if you don’t consider yourself to be a ripe threat for targeted surveillance, it is imperative that you update all of your Apple devices right away to patch this critical flaw. It is, in fact, a good general practice to update your devices as soon as updates are released. The most common factors that cyber attackers cash in on are lack of awareness and infrequent updates, and given today’s environment of increased cyber attacks everywhere, not updating your device software is a risk that you must not take.
If this information is helpful to you read our blog for more interesting and useful content, tips and guildelines on similar topics. Contact the team of COMPUTER 2000 Bulgaria now if you have a specific question. Our specialists will be asiisting you with your query
Content curated by the team of COMPUTER 2000 on the bases of marketing materials provided by our partners.
Follow us to learn more
Let’s walk through the journey of digital transformation together.