Apple Issues Emergency Security Updates to Close a Spyware Flaw
Source: New York Times
Apple issued emergency software updates for a critical vulnerability in its products on Monday after security researchers uncovered a flaw that allows highly invasive spyware from Israel’s NSO Group to infect anyone’s iPhone, Apple Watch or Mac computer without so much as a click.
Apple’s security team has been working around the clock to develop a fix since Tuesday, after researchers at Citizen Lab, a cybersecurity watchdog organization at the University of Toronto, discovered that a Saudi activist’s iPhone had been infected with spyware from NSO Group. The spyware, called Pegasus, used a novel method to invisibly infect an Apple device without the victim’s knowledge for as long as six months.
Known as a “zero click remote exploit,” it is considered the Holy Grail of surveillance because it allows governments, mercenaries and criminals to secretly break into a victim’s device without tipping the victim off. Using the zero-click infection method, Pegasus can turn on a user’s camera and microphone, record messages, texts, emails, calls — even those sent via encrypted messaging and phone apps like Signal — and send them back to NSO’s clients at governments around the world.
“This spyware can do everything an iPhone user can do on their device and more,” said John Scott-Railton, a senior researcher at Citizen Lab, who teamed up with Bill Marczak, a senior research fellow at Citizen Lab, on the finding. In the past, victims learned their devices were infected by spyware only after receiving a suspicious link texted to their phone or email. But NSO Group’s zero-click capability gives the victim no such prompt, and enables full access to a person’s digital life. These abilities can fetch millions of dollars on the underground market for hacking tools.
Read more: https://www.nytimes.com/2021/09/13/technology/apple-software-update-spyware-nso-group.html
Updating the ole iPad Air 2 as I post this.
There are some threads in GD too (was reading one when I saw the breaking banner), e.g., - https://www.democraticunderground.com/100215851263
= new reply since forum marked as read
my iPad Air 2 is like 7 years old this year... I just did it on the iPhone 12 Pro and it was done in a fraction of the time. 
(it my have been the 9to5mac) there were hackers able to break Apple's "Blastdoor" protection in a quest to go after a particular person in Bahrain I think. 
Just updated phone and iPad. 
it was taking awhile to get it downloaded and then took a long time for it to finally finish installing. But I know it is also an "older" device (an iPad Air 2). When that was done, I immediately did the iPhone 12 Pro and it was done with everything (download, verification, and installation) within about 15 minutes.