iPhone users, take note: Update immediately
Known for its swift action in updates, Apple quickly provided a solution for another situation that puts its users at risk.
Apple has recently rolled out a security update for iPhone, iPad, MacBook, and Apple Watch to address two significant zero-day vulnerabilities. These vulnerabilities, unknown to the vendor and without a patch, pose severe threats as they can be exploited by attackers without facing any software resistance.
The identified vulnerabilities are CVE-2023-41064 and CVE-2023-41061. They enable attackers to install malware on devices through a malicious image or attachment. Once infected, this malware can pilfer data, track user location, or even commandeer the device. This concern was highlighted by the Citizen Lab, a research group at the University of Toronto's Munk School of Global Affairs & Public Policy. They discovered these vulnerabilities were utilized to introduce NSO Group’s Pegasus spyware onto iPhones. Pegasus, an incredibly potent spyware, infects a device and relays data such as photos, messages, and audio/video recordings.
iPhone users, take note: Update immediately
It's imperative for users to promptly update their devices to the latest iOS, iPadOS, macOS, and watchOS versions. The recent patches can be accessed from the device's Settings app. This is not the first time Apple has had to address such issues. A few months ago, in July, they had to rectify a different zero-day vulnerability that attackers were exploiting to inject malware into iPhones and iPads.
It's evident that the occurrence of zero-day vulnerabilities is on the rise. Ensuring devices are consistently updated with the latest security patches can shield users from these looming threats.