Update your iPhone immediately to fix this ‘terrifying’ security flaw

Apple works hard and expends a ton of resources to bolster iPhone security. Still, there’s no denying that mobile device security is often a game of cat-and-mouse, with Apple security engineers often responding to newly unearthed security loopholes and zero-day exploits as they arise.

So while Apple routinely issues iOS security updates, the release of iOS 14.8 about a week ago is unique. The iOS 14.8 update fixes a security vulnerability that would allow a malicious actor to have full access to everything on your phone. Suffice it to say, if you’re still running an older version of iOS 14, you should update to iOS 15 immediately.

A sophisticated iPhone security exploit

The exploit in question reportedly comes from the NSO Group, an organization responsible for some of the most advanced and sophisticated iPhone spyware ever created. The exploit itself can easily infect iPhones, iPads, Macs, and even Apple Watches. The spyware is known as Pegasus, but security researchers call it FORCEDENTRY.

Once the spyware infects a device, it keeps tabs on everything. Pegasus can monitor all sorts of data. That list includes phone calls, browser history, photos, emails, and messages sent and received via text, Facebook, WhatsApp.The spyware can also track your location and turn on your microphone for recording.

How the spyware spreads

Previous iterations of Pegasus from the NSO Group required a target to click on a link. The latest version, however, is far more sophisticated. The current incarnation of Pegasus can infect a device with absolutely no action from the target.

The New York Times reveals that one attack vector simply involved sending a target a photo. This photo then took advantage of “the way that Apple processes images and allowed the Pegasus spyware to be quietly downloaded onto Apple devices.”

The full Citizen Lab security report regarding Pegasus is viewable over here.

Apple’s iPhone bug bounty program

On a related note, it’s worth mentioning that some security researchers aren’t happy with Apple’s bug bounty problem. According to some security researchers, Apple doesn’t always pay out what it owes. Further, some Apple employees said that there’s a backlog of bugs that Apple needs to sift through.

The Washington Post reports that Apple’s “insular culture has hurt the program and created a blind spot on security.”

It’s quite common for tech companies to pay researchers who unearth security vulnerabilities. Apple’s bug bounty program, however, only started a few years ago. Additionally, the payment tiers at Apple are lower than they are at other tech companies.

Stay connected with us on social media platform for instant update click here to join our  Twitter, & Facebook

We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechAzi is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More