A ‘Zero-click’ exploit has been found in the software of all devices produced by Apple. This includes iPhones, iPads, Mac computers, and Apple watches. A ‘zero-click’ exploit allows a Cyberattacker to hack into the device without requiring the victim to click on or do anything.
Independent security researchers identified the flaw which exploits Apple’s image rendering library. It was achieved by sending a specially crafted malicious PDF file by iMessage to a target individual. Once the malicious PDF is processed, it will go on to install the very dangerous ‘Pegasus’ spyware, which will allow the attacker access to all data stored on the infected device.
Attacks like this are highly sophisticated and usually targeted to specific individuals, therefore are often not a serious threat to all users.
However, Apple has rapidly developed a fix for the exploit through software updates to all its operating systems.
We therefore recommend all Apple users to check their devices for updates and install any pending updates immediately. To do this go to Settings, General, Software Update, and your device will automatically begin to check for updates. Doing so will ensure that your device is not vulnerable to known threats.
Follow Cyber Wise on Twitter @HallidaysCyber or view our other blogs here for more security news.