A security hole from Apple could infect Apple devices with spyware without user intervention. A patch is now available.
Apple releases urgent iPhone software update to fix apparent security hole
This “zero-click” exploit was discovered on September 7 by Citizen Lab researchers at the University of Toronto. Apple was immediately notified of the exploit and has since released a patch to address the issue. While the exploit was likely used for specific targets like activists and reporters, everyone is encouraged to install the new patch if they are able to do so.
Without the security update, hackers can infect a certain Apple device (computer, phone, tablet, or even watch) by just sending an image. You don’t even have to open or otherwise use the image file to affect your device. Simply receiving it is enough. If your device can use iMessage, it is at risk until you update.
Citizen Lab believes NSO Group used the exploit to infect an activist’s phone with its Pegasus spyware in March. Some Al Jazeera journalists were also likely targeted by the exploit.
