The US technology company Apple has released security updates for the iPhone, iPad, Apple Watch, and Mac. Last week, researchers from Citizen Lab discovered a new vulnerability in iOS that was exploited by the Pegasus spy software. Since the fixed vulnerabilities are already being exploited, users should install the updates as soon as possible.
According to the researchers, someone actively exploited the previously unknown iPhone vulnerability to secretly install the Pegasus surveillance software developed by Israel’s NSO Group on target devices. Victims would have had no chance to defend themselves against it, even if they had installed iOS version 16.6, the latest version at the time.
Now, Apple has reacted and released a security update for iOS and iPadOS to plug the gap. It is available for the iPhone 8 and newer models, all versions of the iPad Pro, the iPad Air from the third generation, and the regular iPad and iPad mini from the fifth generation onwards.
New operating system versions
The new operating system versions each bear the number 16.6.1. They can be installed manually in the settings under General and then Software Update.
The vulnerability affected PassKit, the interface Apple uses in the Wallet app to display various tickets. According to Citizen Lab, a message sent via iMessage to the victim with a doctored image in the PassKit file was enough for Pegasus to install itself on the affected iPhone without the user’s intervention or knowledge. Such vulnerabilities are called “zero-click” because victims do not need to click or tap anything for the installation to start.
watchOS 9.6.2 closes the Pegasus vulnerability
Apple has now also closed this gap in watchOS 9. After all, the Apple Watch also has a way to show tickets on the display. Unlike iOS 16.6, however, watchOS is not affected by the second vulnerability in the image management system ImageIO, so Apple lists only CVE-2023-41061 as fixed. New features are not to be expected, just like with iOS 16.6.1. However, it is recommended to install the latest version of watchOS as soon as possible.
Pegasus is not for “normal” users.
The Pegasus spyware was developed by NSO Group and is intended to serve “governments and law enforcement agencies.” The software is not sold to regular users. However, there are reports that most countries with a Pegasus licence are rather cavalier about human rights, targeting groups of people such as journalists or opposition figures. Pegasus has been in development for a long time and has provided security updates. Besides that, Apple sued the manufacturer two years ago.
- source: krone.at/picture: pixabay.com