On the day it planned to roll out its new iPhone, Apple instead has been stunned by the discovery that cyber attackers may have found a way to worm their way into an array of Apple-made products from the iPad to the Apple Watch.
The company is on the case, actively patching two vulnerabilities in its software that allow hackers to take command of its devices. An inventive bunch, those cyber thugs — Apple said that an attacker can actually trigger an iOS-run device to run deviant computer code, such as downloading a malicious program from the internet onto the user’s device.
This is Apple's second major security flaw in as many months.
What to look for and what to fix
According to PCMag’s coverage of the situation, one way an attack can happen is via iMessage, where the attacker sends a mischievous PDF. Security analysts at Citizen Lab have concluded that the attackers use the vulnerability to spread Pegasus — a particularly nasty spyware program — which can clandestinely take over an iPhone.
Not to be left out of the flaw circus, researchers at Citizen Lab also found that suspicious animated GIFs masquerading as Adobe PDFs are able to exploit Apple’s flaw. As with Apple, this is also Adobe's second recent run-in with security issues — the first coming in mid-August when it found a vulnerability in its iOS and Windows versions of Photoshop.
Apple immediately released a system software update designed to patch the issue. The company is advising owners of Apple devices to update them immediately.
Here is a list of the devices affected by the breach and links to the security update. You can also follow Apple’s suggested method for updating your device’s system software.
Apple Product | Security Update Link |
macOS Catalina and macOS Mojave | |
macOS Catalina | |
macOS Big Sur | |
Apple Watch Series 3 and later | |
iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) | |