Tech company Apple calls on all users of the more than 1.6 billion Apple products to perform a software update immediately. This was after a security vulnerability was discovered in the Messages app.
Security researchers had previously determined that the Israel-based NSO Group had used the vulnerability to “exploit and infect” the latest devices with spyware. The leak has now been repaired.
The leak was revealed Monday by Citizen Lab, a cyber research unit at the University of Toronto. The researchers said that the bug allowed a hacker using NSO’s Pegasus malware to gain access to a device belonging to an unnamed Saudi activist. According to Apple, the leak could be exploited by a “maliciously edited” PDF file.
The leak was a so-called “zero-day” vulnerability, which refers to newly discovered bugs that hackers can exploit that have not yet been patched. As a result, victims did not have to click on the malicious file to infect their devices, something known as a “zero-click” attack.
According to Citizen Lab, the issue highlights that chat apps are the most vulnerable when it comes to device security. “They’re ubiquitous, which makes them very attractive, so they’re an increasingly common target for hackers,” said John Scott-Railton, senior researcher at Citizen Lab. Therefore, according to him, the apps should be a significant security priority. “Reducing the attack surface of chat apps will help make all of our devices more secure.”
Apple fixes the vulnerability via a software update on the iPhone, iPad, Mac and Apple Watch. The software releases came right before Apple’s event later on Tuesday. There, the tech company will likely initiate the release of the iOS 15 operating system, including additional security.