Apple released an emergency fix Monday for a vulnerability in the iPhone, iPad, Mac, and Apple Watch.
Researchers at the University of Toronto’s Citizen Lab warned on the lab’s blog Tuesday about a “zero-click” exploit that had been used to infect the phone of a Saudi activist with the help of NSO Group’s Pegasus spyware. Because the exploit is zero-click, Apple device users were vulnerable even if they didn’t click on anything.
According to the New York Times, Apple worked “around the clock” after the Citizen Lab blog post to fix the problem.
To update your iPhone with iOS version 14.8, go to “Settings,” then “General,” and then “Software Update.” The process to update iPads is similar.
If you need to update your Mac, click the Apple icon in the top left corner of the screen, open up “System Preferences,” and then choose “Software Update.”
Apple Watch users should update to watchOS 7.6.2. You can do that through the iPhone’s Watch app. Or you can update directly on the Apple Watch once you’re connected to WiFi. Head to the Settings app, click “General,” and then “Software Update.”
We reached out to Apple to learn more about the spyware fix, but didn’t hear back immediately.
UPDATE: Sept. 13, 2021, 4:18 p.m. PDT Apple responded with an email statement from Ivan Krstić, head of Apple security engineering and architecture, in which he credited Citizen Lab for discovering the exploit used with iMessage. Because of its discovery, he wrote, “We could develop this fix quickly.”
He continued, “Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”