Apple on Monday issued security patches for its iPhones, iPads and MacBooks, offering a critical security patch that fixes the flaw that enables the notorious Pegasus. The security patches will be rolling out as iOS 14.8, macOS 11.6 and even watchOS 7.6.2, and offer fixes to plug the hole on flaws in the software system that essentially allows anyone with intent (and a fair bit of money) to hack a user’s device – without any user intervention at all. It is this that makes updating your Apple devices imperative.
Citizen Lab, a critically acclaimed group of cyber security researchers under the University of Toronto, reportedly helped Apple uncover the vulnerabilities in its systems that enabled Pegasus. In response, Apple’s head of security engineering and architecture, Ivan Krstic, reportedly commended Citizen Lab for its assistance on the matter, courtesy its findings on how Pegasus works. The software patches have now been released with immediate effect, and according to a report by The New York Times, over 1.65 billion Apple devices should get this update.
Pegasus is a notorious cyber espionage tool – possibly the most well-known spyware for personal usage. Developed by the Israeli NSO Group, Pegasus is a specialist malware that can infiltrate user devices with little to no user assistance, making it super difficult to protect against even for savvy users. It then escalates its system privilege to gain root-level access to devices, and in effect, can see and hear every single thing that a user can on their phone. The tool has reportedly been offered to NSO’s clients around the world who work on behalf of national governments, although the NSO Group has largely denied its enablement of such cyber warfare tools.
However, the latest expose of Pegasus clearly showed how the spyware infiltrated Apple devices, which have long been known to offer better security standards than its counterparts from the world of Android. While this raised multiple questions regarding the perceived lofty security standards of Apple (and whether they were, in fact, more hype than reality), the existence of zero-click tools such as Pegasus also reflects on the millions of dollars being spent to develop advanced cyber warfare tools.
Pegasus is only the tip of the iceberg when it comes to cyber espionage, but serves as an ideal example of how the industry has progressed. The most advanced cyber infiltration tools often leave little to (at times) no trace at all, and in recent times, have also adopted a zero-click formula. This means that while users previously needed to have been tricked into at least some form of a click (such as in spear phishing), tools such as Pegasus solely rely on software flaws such as what Apple is patching right now.
Even if you don’t consider yourself to be a ripe threat for targeted surveillance, it is imperative that you update all of your Apple devices right away to patch this critical flaw. It is, in fact, a good general practice to update your devices as soon as updates are released. The most common factors that cyber attackers cash in on are lack of awareness and infrequent updates, and given today’s environment of increased cyber attacks everywhere, not updating your device software is a risk that you must not take.