Apple has released a security update to address a newly discovered system flaw that's being ‘actively exploited' to deliver Pegasus malware to iPhones and iPads.
The invasive spyware was developed by the Israeli cyber-arms company NSO Group, and has previously been used to access the devices of journalists, and political dissidents.
Toronto's Citizen Lab, the researchers that discovered the vulnerability, is urging users to update their devices “immediately”. Read on to learn more about the NSO Group's latest exploit and for instructions on how to install the update.
Apple Releases Security Update to Block Pegasus Spyware
Apple is urging iPhone and iPad users to update their devices to iOS 16.6.1 to protect themselves from a software vulnerability known as BLASTPASS.
According to researchers at Citizen Lab at the University of Toronto, the flaw can be exploited by Pegasus spyware, giving attackers full control of devices, and allowing them to gain access to victims' text messages, call recordings, camera rolls, and even data from encrypted apps like Signal and WhatsApp.
🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get TWO months of Surfshark VPN FREE using this Tech.co special offer.
Pegasus exploits “zero-click” vulnerabilities, meaning that Apple users don't even need to install software to prompt the attack. The malware can be delivered through images attached to PassKit, sent from a fake iMessage account, making it very hard for users to tell when they're being surveilled.
“This latest find shows once again that civil society is targeted by highly sophisticated exploits and mercenary spyware.” – Citizen Lab
Citizen Lab first discovered the security gap when they were checking the device of a Washington DC-based civil society employee. After discovering Pegasus' mercenary spyware on the device, they immediately disclosed their findings to Apple.
The NSO Group first developed Pegasus back in 2011, and the Israeli spyware has since claimed a number of high-profile victims including the president of France Emmanual Macron, and the president of the European Council Charles Michel.
Pegasus tends to be deployed against political opponents and dissidents, making it unlikely for regular users to be targeted. However, if you're not keen on taking chances, here's how to protect yourself from the spyware.
How to Install Apple's Emergency Update
Luckily, installing Apple's latest security update is very straightforward. All you need to do is:
- Open up Settings on your iPhone or iPad
- Select “General” then “Software Update”
- Click on the iOS 16.5.1 software update
If the update isn't available on this screen, check your iOS version number under “General” and then “About”. Your device will already be protected if it's running on the 16.6.1 version.
If you're serious about evading threats like Pegasus, we'd also recommend using a VPN for an additional layer of security. Read our guide to the best VPNs for iPhone and iOS to discover our best-rated options.