Today, Apple released critical security updates for versions of Safari, macOS Big Sur, macOS Catalina, macOS Mojave, iOS, iPadOS, and watchOS to fix a vulnerability that could allow a device to be compromised.
This affects all devices with iOS and iPadOS versions prior to 14.8, all Mac computers with operating system versions prior to macOS Big Sur 11.6 or Security Update 2021-005 Catalina, and all Apple Watches with watchOS versions prior to 7.6.2.
Everyone will need to update their personal devices. IT support groups will update Duke-owned devices. If you are unsure, contact your local IT support.
Some devices will send a prompt for the security update. If not, see how to manually update your device below.
How to manually update your device
In the Settings application, Apple devices show a notification, a red circle with a ‘1’, to indicate that a system update is available. On iPhones and iPads, tap Settings -> General -> Software Update to install the update.
On Macs, open System Preferences, click the “Software Update” icon, then click “Install.”
Security researchers at the Citizen Lab disclosed the vulnerability, dubbed FORCEDENTRY, and the exploit code to Apple on Tuesday, September 7. The Citizen Lab determined that Israel's NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware.
“This spyware can do everything an iPhone user can do on their device and more,” said John Scott-Railton, a senior researcher at Citizen Lab, to The New York Times. Read more details about the vulnerability and the exploit on the Citizen Lab website.
For more information about the exploitation, visit the Duke Security website.