See also https://www.macrumors.com/2021/09/13/ios-14-8-zero-click-exploit-pegasus/ if you want a more technical explanation.
Do you own an iPhone or iPad [or Mac]? Update your Apple devices right now
Do you own an iPhone? Update it right now. Apple has released an emergency software patch after researchers uncovered a security flaw that could allow hackers to secretly install spyware on your Apple devices even if you do nothing, not even click on a link. The spyware can then eavesdrop or steal data from your device. All of Apple’s operating systems, including those for iPads, Macs and Apple Watches, are vulnerable.
The University of Toronto’s Citizen Lab said the “zero-click” flaw allowed Pegasus spyware from Israeli hacker-for-hire firm, NSO Group, to infect the iPhone of a Saudi activist by sending an image file via iMessage. The activist asked to remain anonymous.
NSO Group told USA TODAY that “NSO Group will continue to provide intelligence and law enforcement agencies around the world with life saving technologies to fight terror and crime.”
NSO Group licenses its Pegasus spyware tool to government agencies and police forces to investigate major crimes. According to reports from Citizen Lab and Amnesty International, it has also been used to target human rights activists, journalists and political dissidents.
Apple issued a patch aimed at fixing the security flaw Monday but did not mention NSO Group.
“After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users,” Ivan Krstić, head of Apple Security Engineering and Architecture, said in a statement to USA TODAY.
He also credited Citizen Lab for obtaining the exploit “so we could develop this fix quickly.”
“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” Krstić said.
He said the security threat will not affect “the overwhelming majority of our users.”
Although it’s unlikely that hackers will target average users, any Apple device is vulnerable and the iOS update is recommended for everyone.
Update iPhones and iPads to iOS 14.8, Macs to 11.6 and Apple Watches to 7.6.2.
To update your iPhone or iPad:
Go to Settings.
Tap Software Update.
Plug in your device or make sure it has 50% battery life or more.
Tap “Install Now.”