UPDATE APPLE. To everyone’s surprise, Appie has just released updates to its macOS, iOS, iPadOS, and even watchOS operating systems. These versions, to be installed without delay, correct critical security vulnerabilities, particularly related to Pegasus.
A few hours before its big back-to-school conference (the famous keynote) during which will be presented several important new features (in particular the iPhone 13), Apple has just released updates to its various operating systems, namely macOS 11.6 for the Mac, iOS 14.8 for the iPhone, iPadOS 14.8 for the iPad, and watchOS 7.6.2 for the Watch Series smartwatches. Quite surprising updates insofar as new major versions are expected soon, in the wake of the keynote, with the expected arrival of iOS 15 (see our special iOS 15 article: final version, update, new features , compatibility, release date) and its counterpart, iPadOS 15 for mobile phones, and macOS Monterey (which will probably be called macOS 12) for computers. The reason for this surprise deployment? A serious security problem.
A flaw exploited by the Pegasus spyware?
In fact, the new versions do not bring any functional novelty. As Apple modestly mentions, without giving details, these updates aim to correct critical flaws in the systems. And, in particular, a flaw that, according to Citizen Lab security researchers, would have already been exploited by government agencies to spy on the phones of various personalities (journalists, activists, politicians, lawyers, etc.). Experts are obviously alluding to the famous Pegasus case which hit the headlines a few months ago, when it was discovered that security holes allowed a “zero click” installation – that is to say without requiring the installation. least intervention by the victim – spyware Pegasus from the company NSO Group, able to recover personal data (messages, passwords, etc.) but also to activate the microphone or the camera of a phone without knowing it of its user.
Last August, Citizen Lab reported that the vulnerability had previously been used successfully on iPhones running iOS 14.6. According to the researchers, this “exploit” was made possible by a bug in Apple’s CoreGraphics system that occurred when the smartphone attempted to use a GIF-related function after receiving a text message containing an infected file. Upon analysis, it would appear that the files are in fact PDFs and PDFs. Regardless, the experts at Citizen Lab sent the results of their research to Apple in early September, and it only took a few days for the apple brand to plug the breach.
But what do the technical explanations and the ins and outs of the case matter? Apple has confirmed that the discovered vulnerability, stamped CVE 2021-30860, affects a large number of its products (specifically all iPhones with iOS versions prior to 14.8, all Macs with macOS versions prior to Big Sur 11.6 , all Apple Watch with a system prior to watchOS 7.6.2 as well as all models of iPad Pro, iPad Air 2 and later, iPad from 5e generation and later, iPad mini 4 and later, and even iPod touch from 7e generation). It is therefore strongly recommended, not to say essential, to apply the patches developed by Apple without delay. Granted, Pegasus only seems to aim at selected targets, but it is best to avoid any risk of espionage as the vulnerability could be exploited by other hackers. Especially since the updates are already available, both for macOS and for iOS, iPadOS and watchOS and they are easy to install!
- On Mac, expand the apple menu, open them System Preferences, then go to Software update and finally click on Upgrade now. Wait while the Mac installs and restarts.
- On iPhone or iPad, if a notification indicates that an update is available, check that your mobile is at least 50% charged and press To install to update immediately, preferably over Wi-Fi. You can also press Later, then choose Install tonight Where Remind me later. Just remember to plug your device into a power source before going to bed. The update will take place automatically during the night. If you don’t see a notification message, open your mobile settings and go to General then in Software update.
To update your Apple Watch, you have to go through an iPhone, first ensuring that it is connected to Wi-Fi and charged at least to 50%. The watch must be charging on its support. Open Watch app on the iPhone, then go to General and in Software update. The update should be available – wait until it appears if it doesn’t. Then press To download then on To install once the download is complete. Then type the iPhone password, accept the terms and conditions, then validate by pressing Install one last time to actually proceed with the installation.