iOS update: iPhone users urged to install new software immediately after powerful security hole found

‘Pegasus’ spyware could be used to spy on people’s devices

Andrew Griffin
Saturday 09 September 2023 05:38 EDT
Comments
Apple iPhone Security Update
Apple iPhone Security Update (Copyright 2022 The Associated Press. All rights reserved)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

iPhone users have been urged to download a new update immediately.

The update was pushed out by Apple to iPhones and iPads after a major security vulnerability was found in the devices.

Patching up that hole with the new software update should keep those devices safe. But without it, attackers could break into an iPhone and spy on its user.

The security issue was found by researchers at the University of Toronto’s Citizen Lab. They said the problem was being “actively exploited” by hackers, and that all users should update immediately.

They were doing so by delivering commercial software called Pegasus, which is made and sold by Israeli company the NSO Group. That software is expensive and targeted, and has primarily been used on specific activists, journalists and politcians, who are likely to know if they are at particular risk of an attack.

The latest attack was used on the iPhone of a member of staff at a US civil society organisation with international offices, Citizen Lab said. It named the new exploit BLASTPASS and said that it did not even require users to click anything on their device.

The NSO Group and Apple have in recent years been engaged in a long-running fight to find and fix security flaws that could allow for the delivery of that software.

Recent iPhone updates brought a new “Lockdown Mode” that places extra restrictions on the device in an attempt to close up potential security flaws. That includes not downloading images that could include spyware, for instance – which is how attackers deliver the hack in this most recent scare.

Downloading the new update is simple. It is done through the Settings app on iPhones and iPads, by clicking the “general” and then “software update” options – that will check for any new updates, and offer the option to download it.

Phones may eventually automatically install the new operating system, which could mean that no download shows up in that screen. Users can check if they have already updated to the new, patched operating system by clicking the “about” option in the general settings, and looking whether they have the newest iOS 16.6.1.

Similar updates are available for Macs and Apple Watches, and are installed in much the same way.

Citizen Lab also advised that anyone “who may face increased risk because of who they are or what they do” should switch on Lockdown Mode. Apple confirmed that would block the new attack, researchers said.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in