NORTH TEXAS (CBSDFW.COM/AP) – Important news for owners of Apple tech products — the company has released a critical software patch to fix a security vulnerability that researchers said could allow hackers to directly infect iPhones and other Apple devices without any user action.
Researchers at the University of Torontoâs Citizen Lab said the flaw was exploited to plant spyware on a Saudi activistâs iPhone, and warned that it could allow hackers to similarly infect other Apple devices without any user action.READ MORE: Dallas Police Release Video Of 'Person Of Interest' In Hall Street Murder Of Justin Thompson
The researchers said the flaw was exploited by the worldâs most infamous hacker-for-hire firm, Israelâs NSO Group; the company responded with a one-sentence statement saying it will continue providing tools for fighting âterror and crime.â
The previously unknown vulnerability affected all major Apple devices â iPhones, Macs and Apple Watches, the researchers said. NSO Group responded with a one-sentence statement saying it will continue providing tools for fighting âterror and crime.â
It was the first time a so-called âzero-clickâ exploit â one that doesnât require users to click on suspect links or open infected files â has been caught and analyzed, the researchers said. They found the malicious code on Sept. 7 and immediately alerted Apple. The targeted activist asked to remain anonymous, they said.READ MORE: Oklahoma Abortion Numbers Up As Texas Heartbeat Law Takes Affect
In a blog post, Apple said it was issuing a security update for iPhones and iPads because a âmaliciously craftedâ PDF file could lead to them being hacked. It said it was aware that the issue may have been exploited and cited Citizen Lab.
In a subsequent statement, Apple security chief Ivan KrstiÄ commended Citizen Lab and said such exploits âare not a threat to the overwhelming majority of our users.â He noted, as he has in the past, that such exploits typically cost millions of dollars to develop and often have a short shelf life. Apple didnât respond to questions regarding whether this was the first time it had patched a zero-click vulnerability.
Users should get alerts on their iPhones prompting them to update the phoneâs iOS software. Those who want to jump the gun can go into the phone settings, click âGeneralâ then âSoftware Update,â and trigger the patch update directly.
Citizen Lab called the iMessage exploit FORCEDENTRY and said it was effective against Apple iOS, MacOS and WatchOS devices. It urged people to immediately install security updates.MORE NEWS: Red Cross Hoping To Increase Blood Supply With Opening Of New North Texas Donation Centers
(Â© Copyright 2021 CBS Broadcasting Inc. All Rights Reserved. The Associated Press contributed to this report.)