{"id":137088,"date":"2021-09-14T16:42:25","date_gmt":"2021-09-14T20:42:25","guid":{"rendered":"http:\/\/www.bu.edu\/tech\/?p=137088"},"modified":"2021-09-28T20:37:46","modified_gmt":"2021-09-29T00:37:46","slug":"apple-releases-emergency-security-update-14-8","status":"publish","type":"post","link":"https:\/\/www.bu.edu\/tech\/2021\/09\/14\/apple-releases-emergency-security-update-14-8\/","title":{"rendered":"Update your Apple device now: emergency security update released"},"content":{"rendered":"<p>Apple has released an emergency security update to address a vulnerability in which spyware could be installed on an iPhone or other Apple device without ever having to click on a malicious link.<\/p>\n<p>The security patch was released on Monday September 13th, 2021 and a current activities alert (which p<span>rovides up-to-date information about high-impact types of security activity affecting the community at large) <\/span>was issued through CISA via the <a href=\"https:\/\/us-cert.cisa.gov\/ncas\/current-activity\/2021\/09\/13\/apple-releases-security-updates-address-cve-2021-30858-and-cve\">National Cyber Awareness System<\/a>.<\/p>\n<p><img loading=\"lazy\" src=\"\/tech\/files\/2021\/09\/Screen-Shot-2021-09-14-at-4.34.55-PM-636x335.png\" alt=\"\" width=\"636\" height=\"335\" class=\"aligncenter size-medium wp-image-137090\" srcset=\"https:\/\/www.bu.edu\/tech\/files\/2021\/09\/Screen-Shot-2021-09-14-at-4.34.55-PM-636x335.png 636w, https:\/\/www.bu.edu\/tech\/files\/2021\/09\/Screen-Shot-2021-09-14-at-4.34.55-PM-1024x540.png 1024w, https:\/\/www.bu.edu\/tech\/files\/2021\/09\/Screen-Shot-2021-09-14-at-4.34.55-PM-768x405.png 768w, https:\/\/www.bu.edu\/tech\/files\/2021\/09\/Screen-Shot-2021-09-14-at-4.34.55-PM.png 1150w\" sizes=\"(max-width: 636px) 100vw, 636px\" \/><\/p>\n<p><strong>What this means if you&#8217;re using an Apple device:<\/strong> As always recommended, update your software ASAP. If you&#8217;re not already using automatic updates, turn that setting on to get the latest software notifications as soon as they&#8217;re released.<\/p>\n<p><span>The spyware can then eavesdrop or steal data from your device. All of\u00a0Apple\u2019s operating systems, including those for iPads, Macs and Apple Watches, are vulnerable.<\/span><\/p>\n<p>For instructions on how to update your device and more information on the release visit the Apple Security Updates page: <a href=\"https:\/\/support.apple.com\/en-us\/HT201222\">https:\/\/support.apple.com\/en-us\/HT201222\u00a0<\/a><\/p>\n<p><span><strong>How they discovered the vulnerability:<\/strong> The security flaw was discovered by researchers at watchdog group\u00a0<\/span><a class=\"gtm-content-click\" data-vars-link-text=\"Citizen Lab\" data-vars-click-url=\"https:\/\/citizenlab.ca\/2021\/09\/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild\/\" data-vars-event-category=\"story\" data-vars-sub-category=\"story\" data-vars-item=\"in_content_link\" href=\"https:\/\/citizenlab.ca\/2021\/09\/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild\/\" target=\"_blank\" rel=\"noopener noreferrer\">Citizen Lab<\/a><span>, which found that the phone of a Saudi political activist had been infected with the Pegasus spyware via iMessage.<\/span><\/p>\n<p>The device had been hacked using a &#8220;zero-click&#8221; method that had allowed the spyware to live on the Saudi&#8217;s phone since February without detection, according to the<span>\u00a0<\/span><a class=\"gtm-content-click\" data-vars-link-text=\"Washington Post\" data-vars-click-url=\"https:\/\/www.washingtonpost.com\/technology\/2021\/09\/13\/pegasus-spyware-new-exploit-apple\/\" data-vars-event-category=\"story\" data-vars-sub-category=\"story\" data-vars-item=\"in_content_link\" href=\"https:\/\/www.washingtonpost.com\/technology\/2021\/09\/13\/pegasus-spyware-new-exploit-apple\/\" target=\"_blank\" rel=\"noopener noreferrer\">Washington Post<\/a>. The same security flaw would enable the software to infect other Apple iPhones, watches and MacBooks, per the Post.<\/p>\n<p><strong>Apple&#8217;s Statement<\/strong>: <span>&#8220;After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users,&#8221; said Ivan Krsti\u0107, head of Apple Security Engineering and Architecture, in a statement.<\/span><\/p>\n<p><em>For instructions on how to update your device and more information on the release visit thee Apple Security Updates page:<\/em> <a href=\"https:\/\/support.apple.com\/en-us\/HT201222\">https:\/\/support.apple.com\/en-us\/HT201222\u00a0<\/a><\/p>\n<ul>\n<li><a href=\"https:\/\/support.apple.com\/en-us\/HT212807\">ios 14.8 and iPadOS 14.8<\/a><\/li>\n<li><a href=\"https:\/\/support.apple.com\/en-us\/HT212804\">macOS Big Sur 11.6<\/a><\/li>\n<li><a href=\"https:\/\/support.apple.com\/en-us\/HT212805\">macOS Catalina<\/a><\/li>\n<li><a href=\"https:\/\/support.apple.com\/en-us\/HT212806\">watchOS 7.6.2<\/a><\/li>\n<li><a href=\"https:\/\/support.apple.com\/en-us\/HT212808\">Safari 14.1.2<\/a><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Apple has released an emergency security update to address a vulnerability in which spyware could be installed on an iPhone or other Apple device without ever having to click on a malicious link. The security patch was released on Monday September 13th, 2021 and a current activities alert (which provides up-to-date information about high-impact types&#8230;<\/p>\n","protected":false},"author":4352,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[795,17001],"tags":[17017],"_links":{"self":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/posts\/137088"}],"collection":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/users\/4352"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/comments?post=137088"}],"version-history":[{"count":6,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/posts\/137088\/revisions"}],"predecessor-version":[{"id":137095,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/posts\/137088\/revisions\/137095"}],"wp:attachment":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/media?parent=137088"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/categories?post=137088"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/tags?post=137088"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}