Apple users urged to update devices to prevent breach by Pegasus spyware

The spyware can let external parties access an infected device, enabling them to view photos, videos, e-mail and messages. PHOTO: REUTERS
Aqil Hamzah
Updated
Sep 09, 2023, 05:24 PM
Published
Sep 08, 2023, 08:22 PM

SINGAPORE – Those using Apple products are being urged to install the latest security updates after two vulnerabilities were found to have been exploited in tandem to deploy spyware.

The Singapore Cyber Emergency Response Team (SingCert) issued an alert on Friday saying that the vulnerabilities affected a range of products, including iPhones, iPads, the Mac range of computers and laptops, as well as the Apple Watch.

University of Toronto-based Citizen Lab reported on Thursday that it had discovered the vulnerabilities a week earlier when it looked into the Apple device of an employee of a Washington-based civil society organisation.

The digital watchdog said the vulnerabilities were used to install the Pegasus spyware from Israeli cyber-intelligence firm NSO, without requiring input from device owners.

The spyware can let external parties access an infected device, enabling them to view photos, videos, e-mail and messages, even if they were sent through applications that offer encrypted communication.

It can also record conversations made on or near a device, tap its cameras and determine the user’s location.

In 2018, Citizen Lab reported that suspected Pegasus spyware infections were found in 45 countries, including Singapore.

The latest vulnerabilities allow attackers to install the spyware by sending attachments containing maliciously designed images through iMessage.

Citizen Lab said it would publish further details in the future, adding that it had immediately disclosed its findings to Apple and assisted with the tech giant’s investigation.

The devices affected are:

  • iPhone 8 and later
  • iPad Pro (all models)
  • iPad Air (third generation and later)
  • iPad (fifth generation and later)
  • iPad mini (fifth generation and later)
  • Macs running macOS Ventura
  • Apple Watch Series 4 and later

In its report, Citizen Lab urged Apple owners to immediately update their devices.

Those who are at an increased risk of such attacks owing to their identities or the work they do are, meanwhile, encouraged to enable Lockdown Mode, which Apple confirmed would protect them.

More On This Topic
New flaw in Apple devices led to spyware infection, researchers say
Apple files lawsuit against Israeli firm NSO Group, says US citizens were spyware targets

On its website, Apple described Lockdown Mode as “extreme protection”, although it added that most people would never be targeted by digital threats like this.

Once enabled, several functions become limited, including incoming FaceTime calls, and most message attachments are blocked.

Web browsing will also be curtailed, with websites loading slower or not operating correctly.

The drastic measure was not recommended by SingCert, which instead advised Apple users to enable automatic software updates.

This can be carried out by going to settings > general > software update > enable automatic updates.

More On This Topic
How the global spyware industry spiraled out of control
Mark the date: Apple to launch iPhone 15, new watches on Sept 12

Join ST's WhatsApp Channel and get the latest news and must-reads.

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top