Do you own an iPhone? Update it right now.
Apple has released an emergency software patch after researchers uncovered a security flaw that could allow hackers to secretly install spyware on your Apple devices even if you do nothing, not even click on a link.
The spyware can then eavesdrop or steal data from your device. All of Apple’s operating systems, including those for iPads, Macs and Apple Watches, are vulnerable.
The University of Toronto’s Citizen Lab said the “zero-click” flaw allowed Pegasus spyware from Israeli hacker-for-hire firm, NSO Group, to infect the iPhone of a Saudi activist by sending an image file via iMessage.
Apple issued a patch aimed at fixing the security flaw Monday but did not mention NSO Group.
"After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users," Ivan Krstić, head of Apple Security Engineering and Architecture, said in a statement to USA TODAY.
He also credited Citizen Lab for obtaining the exploit "so we could develop this fix quickly."
Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals," Krstić said.
He said the security threat will not affect "the overwhelming majority of our users."
Although it’s unlikely that hackers will target average users, any Apple device is vulnerable and the iOS update is recommended for everyone.
Update iPhones and iPads to iOS 14.8, Macs to 11.6 and Apple Watches to 7.6.2.
To update your iPhone or iPad
Go to Settings.
Tap Software Update.
Plug in your device or make sure it has 50% battery life or more.
Tap “Install Now.”