Apple update to iPhone users: No-click spyware may require immediate action

DON'T MISS: Apple just made an acquisition that will give it a massive foothold in this new industry

And in an increasingly tech-savvy world where everyone is on line, feeling safe as a digital citizen goes a long way. It's no wonder that the iPhone is one of the most popular smartphones on the market. 

Nearly 1.5 billion of us are iPhone users. On a global scale, that accounts for more than a fifth (21%) of the entire population that uses a smartphone.

With that many of us using (and being delighted by) iPhones, it's easy to take for granted how much design, engineering, labor and fulfillment goes into the back end of every device. 

It's also easy -- and dangerous -- to take for granted that many bad actors love to chip away at this perceived security, to gain access to certain persons, take market share, or otherwise. 

So with recent reports of Apple (AAPL) -) iPhones potentially being vulnerable to spyware, the Cupertino, Calif., tech company issued a software update to all users. 

The update, iOS 16.6.1 and iPadOS 16.6.1, fixes several issues. They are: 

• ImageIO
  "Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

  Impact: Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 
  "Description: A buffer overflow issue was addressed with improved memory handling," Apple wrote on its website concerning the security update.

• Wallet
  "Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  "Impact: A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
  "Description: A validation issue was addressed with improved logic," Apple wrote.

Apple issues immediate software update

The security update comes after John Scott-Railton, an employee and senior researcher at Citizen Lab in Washington, posted on Twitter that his group had found Pegasus spyware on iPhones. 

Scott-Railton mentioned that the DC-based group had found the vulnerability last week.

"Last week, while checking the device of an individual employed by a Washington DC-based civil society organization with international offices, Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware," Citizen Lab posted on Sept. 7.

🚨 Update your @apple products immediately!

Last week we @citizenlab discovered a new #Pegasus zero-click exploit chain.

(No clicking required to infect latest iOS!)

Found while checking civil society.

Disclosed to Apple which rushed a patch 1/ https://t.co/NN6LWCbwAj pic.twitter.com/zN3cotBCMk

— John Scott-Railton (@jsrailton) September 7, 2023

Pegasus, one of the most infamous and advanced spyware, is so feared because it requires no clicks to gain access to smartphones or technology. It has been blacklisted by the U.S. since 2021.

"Pegasus spyware is zero-click mobile surveillance software designed to infiltrate iOS and Android devices to secretly collect information," Avast explains. GEN

"Pegasus has extensive data-collection capabilities — it can read texts and emails, monitor app usage, track location data, and access a device’s microphone and camera,"  

In its update, Apple thanked Citizen Lab for its collaboration on the update. 

"We would like to acknowledge The Citizen Lab at The University of Torontoʼs Munk School for their assistance," Apple wrote. 

To update your iPhone, navigate over to your settings, then click general, and check for software updates. The update is relatively short and should be installed in less than a few minutes. 

Action Alerts PLUS offers expert portfolio guidance to help you make informed investing decisions. Sign up now.