Apple Updates Critical Vulnerability in iPhones

Apple has plugged a hole that could've allowed invasive spyware through.

Apple has plugged a hole that could’ve allowed invasive spyware through.

Yesterday, Apple released an important new iOS 14.8 software update. This update, among other things, contains a patch for a critical vulnerability in the iMessage software. This vulnerability, originally uncovered by the University of Toronto’s Citizen Lab, could be used by a hacker to infiltrate a user’s phone to access data and plant spyware. What makes this vulnerability especially alarming is that, unlike many potential avenues of entry for hackers, it does not require any link clicks or interaction from users; a hacker could simply slip right in.

“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” Ivan Krstić, head of Apple Security Engineering and Architecture, said in a statement thanking Citizen Lab for finding the vulnerability.

Krstić has advised that all iPhone users update their devices immediately, though he also assured that the vulnerability is “not a threat to the overwhelming majority of our users.”

According to the Citizen’s Lab report, this vulnerability has previously been exploited by Israeli firm NSO Group to spy on certain activists and journalists. NSO Group declined to comment on these allegations.