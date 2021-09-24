This past Thursday (23), Apple released new updates for previous versions of iOS and macOS, fixing the zero-day crash (hitto unknown critical crash) possibly used by the Pegasus spyware.

The vulnerability, discovery by Citizen Lab researchers, it was taking advantage of a flaw in the iMessage app in order to hack and forcibly install apps on Apple devices. The defect was alarming as it was available on all iOS versions, even the most recent one, 23.6, breaking Apple’s new security measures introduced in this update, called Blastdoor. Citizen Lab, therefore, named the flaw ForcedEntry (forced entry, in free translation).

Apple had already released an update for users of the brand’s latest devices on the day of September, from the iOS version 12.8 and iPadOS. However, as this is a zero-day vulnerability, that is, it has been available on systems since their first versions, users of older Apple branded devices were still unprotected.

Want to catch up on the best tech news of the day? Go and subscribe to our new channel on youtube, Canaltech News. Every day a summary of the main news in the tech world for you! However, this Thursday, the company founded by Steve Jobs released the update .5.5 of iOS, correcting the flaw that allowed the execution of arbitrary code on older devices. The devices that can be updated with this new version are as follows: iPhone 5s;

iPhone 6;

iPhone 6 Plus; iPad Air; iPad mini 2; iPad mini 3; 6th generation iPod touch. On these devices, the update can be applied from the iOS settings app by clicking the option “General” and finally choosing “Software Update”. In the case of Mac computers, macOS Catalina received new updates tions, which also fix the same flaw. All machines that have Catalina as the latest supported OS version can apply the security fixes. The macOS Catalina update can be applied with the user by going to the Apple menu on the system, clicking on the option “Overview” and finally “Software Update”. Fault History23

Fault was first reported in August by Citizen Lab members when the lab was investigating which zero-day vulnerability was used to install the Pegasus spy app on a Bahrain activist’s cell phone. Citizen Lab believes the flaw was discovered and exploited by the NSO Group itself, claiming as evidence that prior to the case involving the Pegasus app, the vulnerability had never been made public.

The Pegasus app, developed by the NSO group, an Israeli firm, when installed on a device, it allows the Israeli government to have almost complete access to the device, including photos, messages and personal data.

The flaw affected all Apple devices available on the market. Vulnerability information was communicated to the tech giant on September 7, with the company on the day 12 releasing the update that fixed the bug for the latest branded devices.

Now, with the upgrade to older devices, more users are protected from the crash.

The official Apple website has more details about the iOS update .5.5 and about macOS Catalina security fixes.

