Why did apple issue an emergency iPhone update?

Apple released an emergency software patch after researchers found a security flaw that allows highly invasive spyware to infect anyone’s Apple device.

Why did apple issue an emergency iPhone update?

Apple issued an emergency patch on Monday for all its products after researchers discovered a “zero-day” flaw whereby hackers could infect a device without users doing anything, not even clicking on a link.

Once the spyware is installed on the device, it can eavesdrop or steal data from your device. The vulnerability affects all of Apple’s operating systems on every device the tech giant makes, including Apple Watches, iPhones, iPads and Macs.

A powerful cyberespionage tool

The flaw was discovered in March after researchers at The University of Toronto’s Citizen Lab, a cybersecurity watchdog organization, discovered that a Saudi activist’s iPhone had been infected with a “zero-day zero-click exploit against iMessage”. Since then, the security team at Apple had worked around the clock to develop a patch. The activist's phone had been infected with Israeli NSO Group’s Pegasus spyware, a powerful cyberespionage tool.

Citizen Lab is calling the vulnerability “FORCEDENTRY”, and the exploit targets Apple’s image rendering library. The software invisibly infects a targets device so the victim is unaware that their phone or computer is infected. Once installed hackers can have access to all the applications of the device. They are able to turn on the owner’s camera and microphone, as well as copy emails, messages and texts even if they are encrypted.

The Israeli cyber-surveillance company licenses its software to governments and police agencies to investigate major crimes. However, it came to light this summer that the spyware was being used to spy on dissidents, human rights activists and journalists when data was leaked to a consortium of news organizations.

For its part NOS Group denies all accusations about its spyware being used for sinister purposes and told USA Today “NSO Group will continue to provide intelligence and law enforcement agencies around the world with lifesaving technologies to fight terror and crime.”

More than 1.65 billion Apple products are vulnerable

The discovery has huge implications. Since at least February over 1.65 billion Apple products in use worldwide have been vulnerable. Although the targets of hackers using Pegasus are normally prominent individuals and would not necessarily target the average user, the flaw is present in all Apple operating systems and any device could be vulnerable to attack. It’s recommended anyone who has an Apple device update their software with the iOS 14.8 and iPadOS 14.8 immediately.