Apple fixes iOS loophole used by spy app; update now

Apple has released a new security update that fixes a zero-day vulnerability (a hitherto unknown critical flaw) affecting all iPhone, iPad, Mac and Apple Watch models.

  • iOS 15: See first impressions of Apple’s new system
  • Apple Watch Series 7 is advertised with tough design and thin edges
  • Apple Announces iPad Mini with revamped design and more powerful iPad 9

The vulnerability, discovered by Citizen Lab researchers, took advantage of a flaw in the iMessage app to be able to hack and forcibly install apps on Apple devices. The defect was alarming because it was available in the latest version of iOS, the 14.6, breaking Apple’s new security measures introduced in this update, called Blastdoor . Citizen Lab, therefore, named the flaw ForcedEntry (forced entry, in free translation).

The new security update is available on iOS 14.8 and iPadOS 14.8, as well as new updates for Apple Watch and macOS. Apple, in an official statement, said the new versions fix at least one vulnerability that may have been maliciously exploited.

Want to catch up on the best tech news of the day? Go and subscribe to our new channel on youtube, Canaltech News.

Every day a summary of the main news in the tech world for you!

Failure history

The flaw was first reported in August by members of Citizen Lab, when the lab was investigating which zero-day vulnerability was used to install the Pegasus spy app on a Bahrain activist’s cell phone. Citizen Lab believes the flaw was discovered and exploited by the NSO Group itself, claiming as evidence that prior to the case involving the Pegasus app, the vulnerability had never been made public.

The Pegasus app, developed by the NSO group, an Israeli firm, when installed on a device, allows the Israeli government to have almost complete access to the device, including photos, messages and personal data .

The fault affected all Apple devices available on the market. Information about the vulnerability was communicated to the tech giant on September 7, with the company on the day releasing the update that fixed the bug.

Ivan Krstić, Apple’s chief architect, issued a statement thanking the Citizen Lab. “After identifying the iMessage vulnerability, Apple quickly released a new security update on iOS 14.8 that fixes the fault. We would like to thank Citizen Lab for doing the hard work of getting a sample of the bug, enabling us at Apple to develop the update as quickly as possible.

How to update your Apple device15

The process for updating your Apple devices is easy:

iPhone and iPad

  • Back up your device to iCloud;
  • Go to the Settings section and then click on “General”;
  • Choose the option ” Software Update”;
  • Tap Download and Install and wait;
  • With the update downloaded, click “Install Now”.

Apple Watch

  • On the iPhone, open the Watch app and enter “General”;
  • Choose the option “Software Update”;
  • Wait for the download;
  • Click on “Install”.

macOS

  • Enter Computer Settings;
  • Choose the “Software Update” option;
  • Wait for download;
  • Click “Install”.

    Source: Techcrunch

    Did you like this article?

    Subscribe your email on Canaltech to receive daily updates with the latest news from the world of technology.

    15 15

    15

  • Related Articles

    Back to top button