Apple has released a fix for the newly discovered security exploit that affects iPhones, iPads, and Macs.
The zero-day, zero-click iMessage exploit was found by researchers at the University of Toronto’s Citizen Lab and made public on Monday. The exploit, dubbed FORCEDENTRY, allows hackers to infect Apple devices with Pegasus spyware — one of the most dangerous pieces of hacking software ever developed.
A zero-click exploit means that a device can get infected without the user needing to click on anything. There is no way a person could know their device has been infected and no way they could stop it. These types of exploits are virtually invisible and undetectable.
Pegasus spyware is particularly dangerous, too. It can stealthily access a device’s camera and microphone, allowing an attacker to spy on a victim 24/7. It can also steal any stored data. Photos, videos, location information, passwords — Pegasus can harvest it all.
What Apple says and what you should do
Apple stated in its post about the security update that it was through possession of “a maliciously crafted” PDF file that devices became vulnerable to an attack. The Citizen Lab researchers discovered it was via iMessage that the files were sent.
In a statement addressing the exploit and the newly-released fix, Ivan Krstić, Apple’s head of security engineering and architecture, stated that “After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users”.
If you own any Apple devices, you should immediately update them to ensure you’re fully protected against this security vulnerability. Not sure how to update your Apple device? Click here to learn how to update your iPhone, iPad or iPod touch and here to learn how to update your Mac.