Tech Tip: How Apple Users Can Ward Off Latest Spyware


New spyware known as Pegasus can hack your Apple operating system even if you haven’t clicked on anything. In response, Apple just released (on Sept. 13) an urgent iOS 14.8 update that it urges you to install immediately.

Why urgent?

The iOS 14.8 update addresses two serious security vulnerabilities Apple believes are being actively used to attack iOS without the user even having to do anything “by mistake.”

According to a CNN report: “Apple has updated its software for iPhones to address a critical vulnerability that independent researchers say has been exploited by notorious surveillance software to spy on a Saudi activist. Researchers from the University of Toronto’s Citizen Lab said the software exploit has been in use since February and has been used to deploy Pegasus, the spyware made by Israeli firm NSO Group that has allegedly been used to surveil journalists and human rights advocates in multiple countries.”

The report continued, “The urgent update…. released Monday plugs a hole in the iMessage software that allowed hackers to infiltrate a user’s phone without the user clicking on any links, according to Citizen Lab.”

One vulnerability lies in how iMessage automatically renders images. iMessage has been repeatedly targeted by cyber arms dealers, prompting Apple to update its architecture. But that upgrade has not fully protected the system.

Some Simple Steps to Take

Here’s a heads up on some vulnerabilities with Apple iOS that can allow an attacker to gain access to devices without the user doing anything they’re not supposed to do (such as clicking a link or file attachment).

There are simple steps you can take to protect against these vulnerabilities. If you use an iPhone or other Apple devices for personal use, update them to the latest operating system (iOS 14.8 for iPhone and watchOS 7.6.2 if you use an Apple Watch). The most recent update addresses these security vulnerabilities and will help keep users protected. Double-check that your firm’s individual devices are up to date.

Here are some simple instructions from Apple to check if you are already running iOS 14.8:

https://support.apple.com/en-us/HT201685

And here are instructions for Apple Watches:

https://support.apple.com/en-us/HT204641
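
For a firm checking many devices at once, the same version check can be run over a device inventory. The script below is an added example, not from Apple or the original article; the inventory columns and device names are constructed assumptions, and only the minimum versions (14.8 and 7.6.2) come from the text above.

```python
import csv
import io

# Minimum patched versions stated in the article.
MIN_VERSION = {"iOS": (14, 8), "watchOS": (7, 6, 2)}

# Constructed sample inventory; column names are assumptions, not a real MDM export format.
SAMPLE_INVENTORY = """device,owner,os,version
iPhone-001,alice,iOS,14.7.1
iPhone-002,bob,iOS,14.8
iPhone-003,carol,iOS,14.10
Watch-001,alice,watchOS,7.6.1
Watch-002,dave,watchOS,7.6.2
iPhone-004,erin,iOS,
"""

def parse_version(text):
    """Turn '14.7.1' into (14, 7, 1); return None if it is not a dotted number."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_outdated(version, minimum):
    """Compare numerically, padding with zeros so 14.8 and 14.8.0 are equal.
    Comparing the raw strings would wrongly rank '14.10' below '14.8'."""
    width = max(len(version), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(minimum)

def audit(inventory_csv):
    """Return (outdated, unknown) lists of device names."""
    outdated, unknown = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        minimum = MIN_VERSION.get(row["os"])
        version = parse_version(row["version"] or "")
        if minimum is None or version is None:
            unknown.append(row["device"])  # cannot show it is patched
        elif is_outdated(version, minimum):
            outdated.append(row["device"])
    return outdated, unknown

if __name__ == "__main__":
    outdated, unknown = audit(SAMPLE_INVENTORY)
    print("Needs update:", outdated)
    print("Version unknown, check by hand:", unknown)
```

Devices with a missing or unreadable version are reported separately so they are checked by hand and not assumed to be patched.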

This would be a good time to remind your team to be vigilant in keeping their devices updated, even when off-the-clock or using a personal device.

If your firm is interested in an automated security scan (automated pen-test), we can help.

 

Alan Edwards, CISM, is chief information officer at Computerware, Inc., in Vienna, Virginia.

 

 
