Government cybersecurity agency CERT NZ is urging all Apple owners to update their devices as soon as possible to protect them from a newly discovered iMessage vulnerability it says is being "targeted by attackers".
The bug is believed to have been exploited to install spyware onto the phones of journalists, lawyers and activists around the world, but it could be used by hackers to steal things like your online banking information, as well as remotely activate your microphone and camera.
Due to how serious the vulnerability is, Apple users should immediately update to iOS 14.8, macOS Big Sur 11.6, and watchOS 7.6.2, which fixes the flaw.
If you own an iPhone, Mac or Apple Watch, you've probably gotten a pop-up message telling you to update the software. But if you haven't or ignored that message, here's what you need to do:
How to update your iPhone:
- Open 'Settings', select 'General', select 'Software Update'.
How to update your Mac:
- Open 'System preferences', select 'Software Update'.
How to update your Apple Watch:
- Open the Watch app on your phone, select 'General', select 'Software Update'.
The vulnerability is being referred to as 'ForcedEntry' and CERT NZ says it has been exploited since at least February 2021.
It's been fixed thanks to security researchers at Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs at the University of Toronto, Canada.
Citizen Lab discovered the malware on the phone of an unnamed Saudi activist and say it allowed for a 'zero-click' install of the notorious Pegasus spyware. This type of cyberattack is particularly fearsome as the target doesn't have to do anything like open an email attachment to be infected.
Apple promptly released the software updates the bug and thanked Citizen Lab in a statement for "completing the very difficult work of obtaining a sample of this exploit".
The updates were urgently released just a day before Apple's scheduled 'California Streaming' event, where it's expected the company will unveil its iPhone 13 range.