Apple releases bug fixes for iPhone, iPad, Apple Watch, and Mac to counter Pegasus spyware.

Apple releases bug fixes for iPhone, iPad, Apple Watch, and Mac to counter Pegasus spyware.

Apple Releases Critical Security Updates Ahead of Launch Event

iPhone

In a last-minute effort to protect its devices from potential security breaches, Apple has rolled out two critical security updates for its core products, including the iPhone, iPad, Apple Watch, and Mac. These updates were released just days ahead of Apple’s highly anticipated launch event on September 12.

The vulnerability was discovered and reported to Apple by The Citizen Lab, an academic research lab specializing in security threats. The lab was credited by Apple for uncovering the flaw, which was described as an exploit chain named Blastpass. According to The Citizen Lab, this flaw could compromise iPhones running the latest version of iOS (16.6) without any user interaction. Attackers could exploit this vulnerability by sending PassKit attachments with malicious images via Apple’s iMessage.

To address the vulnerability, Apple has issued two separate fixes labeled CVE-2023-41064 and CVE-2023-41061 for the iPhone and iPad, respectively. The Citizen Lab has strongly recommended that all users apply these fixes immediately by updating their affected devices.

For iPhone and iPad users, iOS 16.6.1 and iPadOS 16.6.1 are now available for installation on supported devices. This includes the iPhone 8 and later models, all iPad Pro models, the iPad Air 3rd generation and later, the iPad 5th generation and later, and the iPad mini 5th generation and later. Users can simply go to “Settings,” select “General,” and tap on “Software Update” to download and install the update.

Not only iPhone and iPad users, but Apple Watch wearers and Mac users also have updates available to them. Apple Watch Series 4 and later can install WatchOS 9.6.2 by opening the Watch app on their paired iPhone, going to “General,” then “Software Update,” and tapping “Download and Install.” Mac users, on the other hand, can update to MacOS Ventura 13.5.2 by clicking the Apple icon, selecting “System Settings,” then “General,” and finally “Software Update.”

The Citizen Lab revealed in its report how it discovered the vulnerability, stating, “Last week, while checking the device of an individual employed by a Washington DC-based civil society organization with international offices, Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware.”

Pegasus, a spyware tool developed by the Israel-based NSO Group, has gained notoriety for its use in targeting government officials, political activists, and journalists. The software allows remote access to devices, enabling the collection of data, monitoring of conversations through messaging apps, interception of emails and browser activities, and unauthorized surveillance through device cameras and microphones.

While NSO Group claims that Pegasus is used by governments for legitimate purposes such as tracking criminal and terrorist activities, organizations like The Citizen Lab and Amnesty International argue that innocent individuals are also targeted. As a precaution, potential victims of Pegasus are advised to activate Lockdown Mode on their iPhones or iPads. This feature disables or limits certain functions and settings to prevent spyware and malware from accessing sensitive data.

The urgency with which these updates were released, just days before Apple’s launch event, underscores the critical nature of the vulnerability. On September 12, Apple is expected to unveil its new iPhone, Apple Watch, AirPods, and possibly other products. Alongside these new releases, Apple typically introduces updated versions of its operating systems, including iOS/iPadOS, watchOS, macOS, and tvOS. Users can expect these updates to become available around September 19.

It is essential for Apple users to stay vigilant and promptly apply these security updates to ensure the safety and protection of their devices. By addressing the discovered vulnerabilities, Apple reinforces its commitment to maintaining the security and privacy of its users in an ever-evolving digital landscape.