Apple Issues Emergency Security Updates to Close a Spyware Flaw
Source: New York Times
Apple issued emergency software updates for a critical vulnerability in its products on Monday after security researchers uncovered a flaw that allows highly invasive spyware from Israels NSO Group to infect anyones iPhone, Apple Watch or Mac computer without so much as a click.
Apples security team has been working around the clock to develop a fix since Tuesday, after researchers at Citizen Lab, a cybersecurity watchdog organization at the University of Toronto, discovered that a Saudi activists iPhone had been infected with spyware from NSO Group. The spyware, called Pegasus, used a novel method to invisibly infect an Apple device without the victims knowledge for as long as six months.
Known as a zero click remote exploit, it is considered the Holy Grail of surveillance because it allows governments, mercenaries and criminals to secretly break into a victims device without tipping the victim off. Using the zero-click infection method, Pegasus can turn on a users camera and microphone, record messages, texts, emails, calls even those sent via encrypted messaging and phone apps like Signal and send them back to NSOs clients at governments around the world.
This spyware can do everything an iPhone user can do on their device and more, said John Scott-Railton, a senior researcher at Citizen Lab, who teamed up with Bill Marczak, a senior research fellow at Citizen Lab, on the finding. In the past, victims learned their devices were infected by spyware only after receiving a suspicious link texted to their phone or email. But NSO Groups zero-click capability gives the victim no such prompt, and enables full access to a persons digital life. These abilities can fetch millions of dollars on the underground market for hacking tools.
Read more: https://www.nytimes.com/2021/09/13/technology/apple-software-update-spyware-nso-group.html
Updating the ole iPad Air 2 as I post this.
There are some threads in GD too (was reading one when I saw the breaking banner), e.g., - https://www.democraticunderground.com/100215851263
brush
(53,776 posts)JohnSJ
(92,189 posts)hlthe2b
(102,247 posts)BumRushDaShow
(128,933 posts)they said to just go to the settings and get to the updates screen and it will automatically be available. I went to settings/general/software update and it was there to "download" or "download and install".
It's taking awhile so it's sortof big and probably many people are hitting the servers at once.
COL Mustard
(5,897 posts)Big for an iOS update, especially with iOS 15 due out any day now.
I hate hackers.
BumRushDaShow
(128,933 posts)my iPad Air 2 is like 7 years old this year... I just did it on the iPhone 12 Pro and it was done in a fraction of the time.
dweller
(23,632 posts)is showing to be 870 mb on my fone
✌🏻
badhair77
(4,217 posts)all my devices.
Buckeye_Democrat
(14,853 posts)I just updated my iPhone.
Surprised it happened to Apple, since they usually keep their operating systems locked down pretty tight.
BumRushDaShow
(128,933 posts)(it my have been the 9to5mac) there were hackers able to break Apple's "Blastdoor" protection in a quest to go after a particular person in Bahrain I think.
targetpractice
(4,919 posts)BumRushDaShow
(128,933 posts)ZonkerHarris
(24,223 posts)piddyprints
(14,642 posts)Just updated phone and iPad.
Hekate
(90,674 posts)Yeesh.
ancianita
(36,053 posts)Tree Lady
(11,457 posts)Everything updated except computer at home turned off.
karin_sj
(808 posts)Updating my devices right now.
LittleGirl
(8,287 posts)I got an alert that someone was trying to log into my Apple ID in Ontario Canada. I live in Switzerland so I didn't allow but had to lock my devices and change my password. Luckily this password and ID is unique to others. Last night, we downloaded the updates for my phone and ipad. We're good now.
Thanks for posting this important update info.
littlemissmartypants
(22,656 posts)nwduke
(350 posts)I think they rushed this out in a hurry, but it has major download flaws. It gets stuck in preparing download and nothing happens. Apple needs to get their act together on this one!
BumRushDaShow
(128,933 posts)as the news propagated out more and more yesterday and overnight and that eventually resulted in millions of people trying to hit the servers at once - and moreso because it impacted so many of their brand devices (iPhones, iPads, iPods, Macs, watches) and each one (of the newer vintage) devices needed an update.
nwduke
(350 posts)Ill try later when things settle down!
BumRushDaShow
(128,933 posts)it was taking awhile to get it downloaded and then took a long time for it to finally finish installing. But I know it is also an "older" device (an iPad Air 2). When that was done, I immediately did the iPhone 12 Pro and it was done with everything (download, verification, and installation) within about 15 minutes.
mahatmakanejeeves
(57,437 posts)tonekat
(1,814 posts)It's updating now.