If your Apple products are not fully updated to the latest software, you’re leaving them exposed to a security vulnerability that can be installed on your device without you needing to do anything at all. “Zero-click” vulnerabilities are the worst.
For the uninitiated, zero-click vulnerabilities allow bad actors to install malware or other malicious software onto your device without needing you to click a link or, really, do anything at all. It goes against all typical cybersecurity protocols; you can do everything by the book and still be infected, since, well, it’s not really up to you, unfortunately.
The exploit was discovered by the research group Citizen Lab, who was looking into a Saudi activists’ Pegasus-infected iPhone. While investigating the device, Citizen Lab discovered that the Pegasus malware was actually installed using a zero-click vulnerability in iMessage; with just a message, the hackers were able to install Pegasus on the device.
The silver lining of the situation is that Citizen Lab was able to stumble upon a major security vulnerability, one that Apple quickly patched with a new update. For iPhones, this is iOS 14.8; iPads get iPadOS 14.8; you’ll see macOS Big Sur 11.6 on your Mac; and Apple Watches receive 7.6.2. Our advice? Update your things ASAP; you don’t want to be around this vulnerability any longer than you have to.