Apple Releases Critical Security Updates for iPhone, iPad, Apple Watch, and Mac
Apple has recently issued two critical security updates for its core products, including the iPhone, iPad, Apple Watch, and Mac. These updates were in response to a vulnerability that would have allowed the Pegasus spyware to infect devices. The bug fixes were rolled out just a few days before Apple’s much-anticipated launch event on September 12.
The vulnerability was discovered and reported by The Citizen Lab, an academic research lab specializing in analyzing security threats and risks. Credited by Apple for the discovery, The Citizen Lab described the flaw as an exploit chain named Blastpass, capable of compromising iPhones running the latest version of iOS (16.6) without any user interaction. Attackers could exploit the bug by sending PassKit attachments with malicious images via Apple’s iMessage.
To address the vulnerability, Apple released two separate fixes for the iPhone and iPad, for the issues tracked as CVE-2023-41064 and CVE-2023-41061. The Citizen Lab strongly urged all users to immediately apply the fixes through the latest updates on affected devices.
For iPhone and iPad users, the updates iOS 16.6.1 and iPadOS 16.6.1 are now available to be installed on various models. Users can navigate to “Settings > General > Software Update” and tap on “Download and Install” to apply the update.
Apple Watch wearers can install watchOS 9.6.2 on the Apple Watch Series 4 and later. By opening the Watch app on their iPhone, going to General, then Software Update, and tapping on “Download and Install,” users can update their devices.
Mac users can update to macOS Ventura 13.5.2 by clicking the Apple icon, selecting System Settings, and then going to General and Software Update. Clicking on the install button will initiate the update process.
The Citizen Lab discovered the vulnerability while examining the device of an individual employed by a civil society organization. They found an actively exploited zero-click vulnerability being used to deliver the NSO Group’s Pegasus spyware.
Pegasus, developed by Israel-based NSO Group, is infamous for targeting government officials, political activists, and journalists. The software allows remote access to devices, enabling the collection of data, monitoring of conversations through messaging apps, email and browser activity, and unauthorized camera and microphone access.
NSO Group claims that Pegasus is used for legitimate purposes by governments to fight crime and terrorism. However, The Citizen Lab, along with Amnesty International and other organizations, argues that the spyware is often misused to target innocent individuals.
Individuals who suspect they are being actively targeted by Pegasus are advised to enable Lockdown Mode on their iPhones or iPads. This feature disables or limits certain settings and features to prevent spyware and malware from accessing sensitive data.
The fact that Apple issued these updates shortly before its launch event demonstrates the critical nature of the vulnerability and the need for urgent fixes.
On September 12, Apple is expected to unveil new products, including the iPhone, Apple Watch, AirPods, and potentially more. Along with the new devices, Apple will release updated versions of its operating systems, such as iOS/iPadOS, watchOS, macOS, and tvOS, approximately a week after the launch event.
Users are encouraged to stay vigilant and promptly update their devices to ensure the highest level of security and protection against potential threats.