Apple has just released a series of new updates for iOS, macOS and watchOS to fix a bug that security researchers at Citizen Lab say probably allowed government agencies to install spyware on the phones of journalists, lawyers and activists.
The researchers say that the bug allowed a "zero-click" infection (meaning that the target had to do nothing to get infected) with the Pegasus spyware, which is said to be able to steal data and passwords and to activate a phone's microphone or camera.
Citizen Lab also said that this vulnerability, which was called "ForcedEntry", seems to be in line with similar behavior reported by Amnesty International in July. At the time, security researchers wrote that exploitation was possible due to an error in Apple's CoreGraphics system and occurred when the phone tried to use a function associated with a GIF file after receiving a text message containing a malicious file.
However, even with this information, it could be difficult to determine exactly what happened without access to the infected files themselves. According to Citizen Lab, the suspicious files from a hacked activist's phone appeared to be GIFs sent as SMS attachments, but were actually PSD and PDF files. Citizen Lab suspected that the files might be related to Pegasus, so it sent them to Apple on September 7. Apple quickly released the software updates fixing the bug on September 13 and thanked Citizen Lab in a statement for "the completion of the very difficult task of obtaining a sample of this exploit".
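The mismatch described above (a `.gif` name on content that is really PSD or PDF) is something a defender can check for when triaging exported message attachments. The following is an added example, not code from Citizen Lab or Apple; the function names and the sample byte strings are constructed for illustration.

```python
from __future__ import annotations

from pathlib import PurePosixPath

# Leading byte signatures for the three formats named in the article.
SIGNATURES = {
    "gif": (b"GIF87a", b"GIF89a"),
    "psd": (b"8BPS",),
    "pdf": (b"%PDF-",),
}


def sniff_format(data: bytes) -> str:
    """Return the format implied by the leading bytes, or 'unknown'."""
    for name, magics in SIGNATURES.items():
        if any(data.startswith(magic) for magic in magics):
            return name
    return "unknown"


def flag_mismatches(attachments: dict[str, bytes]) -> list[tuple[str, str, str]]:
    """Return (filename, claimed, actual) where extension and content disagree."""
    findings = []
    for name, data in attachments.items():
        claimed = PurePosixPath(name).suffix.lower().lstrip(".")
        actual = sniff_format(data[:16])
        # Only judge extensions we have a signature for.
        if claimed in SIGNATURES and actual != claimed:
            findings.append((name, claimed, actual))
    return findings


# Constructed sample headers only; these are not real attachments.
SAMPLES = {
    "holiday.gif": b"GIF89a\x01\x00\x01\x00",
    "one.gif": b"8BPS\x00\x01\x00\x00",
    "two.gif": b"%PDF-1.4\n",
    "report.pdf": b"%PDF-1.7\n",
}

if __name__ == "__main__":
    for name, claimed, actual in flag_mismatches(SAMPLES):
        print(f"{name}: extension says {claimed}, content looks like {actual}")
```

A mismatch is only a triage signal that a file deserves closer inspection; it does not by itself identify an exploit.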
All of this serves as a reminder of how important it is to keep all your devices up to date. While we hope you will never be targeted by a government that uses advanced spyware, it is still a good idea to make sure your device is not vulnerable to widely reported security flaws.