Apple has released an emergency software update for a critical vulnerability in its iMessage product that can affect personal devices such as the iPhone, the Apple Watch, and the Mac computer. The flaw allows spyware to infect anyone’s system. The vulnerability was captured by a digital research lab as resulting of analyzing a phone that was infected with Pegasus spyware.
The Pegasus spyware can infect an Apple device without the victim’s knowledge using a novel “zero click remote exploit” which allows anyone to break into a victim’s device without the victim knowing. Using this method, Pegasus can utilize almost every aspect of a personal device to gather data and send it back to malicious actors.
Apple has released security updates to address vulnerabilities—CVE-2021-30860, CVE-2021-30858—in iOS and iPadOS. CISA is aware of public reporting that these vulnerabilities may have been exploited in the wild.
It is highly encouraged that Apple users review the iOS 14.8 and iPad OS 1.48 updates and apply them. For more information, on the updates please visit this link.