Update Your Apple Devices to Guard Against Pegasus Spyware Attacks

Update Your Apple Devices to Guard Against Pegasus Spyware Attacks

September 14, 2021 |

2 minute read

Apple issued an emergency update yesterday for a critical vulnerability discovered in its iPhones, Apple Watches, and Mac computers. Researchers at Citizen Lab discovered a no-click zero-day exploit that works on all Apple devices that do not have the latest update. 

ForcedEntry

Citizen Lab first reported a zero-day vulnerability affecting Apple’s iMessage tool back in late August. The flaw was used to surreptitiously push Pegasus spyware onto the Apple devices of unsuspecting targets. 

Further research discovered that ForcedEntry can also exploit a weakness in how Apple devices render images—providing another avenue for compromising a target device with a no-click zero-day attack. 

Stay Calm

For most people, there is no need to panic. Yes, this newest Pegasus spyware is novel, invasive and can easily infect billions of Apple devices. But there is a solution available. Stay calm and simply get control of your device and download the software updates available from Apple. 

Do that and move on. 

Follow the guidance from Apple if you think you are infected and consult your IT department at work, school, etc. If none of those are an option for you, you can turn to Apple’s Genius Bar technicians for help. 

With nearly 2 billion iPhones active around the world, 100 million Apple Watches being used and more than 100 million Macs, security can’t be a luxury for Apple and it’s not. It’s a responsibility they take seriously.

Combating Spyware

This type of software is generally a scourge. Spyware is ethically shady and generally operates within the darker side of the gray area between legal and illegal activity. There are potentially valid uses for monitoring or spyware tools, but the line between legitimate use and stalkerware is very thin, and the risk of abuse is significant. 

The Pegasus spyware has been known for a while. What’s novel is the subtle installation. These have happened in the past and should be a top priority to identify and fix for any vendor. Again, a top priority. 

Make no mistake, the expanded data footprint and connected world with tens of billions of connected devices around the world means security will get harder. 

Today, there is an immediate call to innovate. If you want the privileges of a connected world, today, tomorrow and beyond, we need to collectively get better at the security game. The attackers are investing, and so should we all.

Defending the Walled Garden

Relating to Apple security, failing is ok. Failing consistently is not. 

Let’s see how Apple addresses this. They are a generally more secure platform, but they must continue to invest and demonstrate commitment going forward. The most secure platform in the world can be cracked given time unless the security is maintained. An incident or two are not a cause for pitchforks and torches to come out. That comes later if things recur or are dealt with in a cavalier manner.

Now that the vulnerability is known, others will try to use it as quickly as possible. So, there is some sense of urgency for you to patch and fix things.

About the Author

Sam Curry

Sam Curry is CSO at Cybereason and is a Visiting Fellow at the National Security Institute. Previously, Sam was CTO and CISO for Arbor Networks (NetScout) and was CSO and SVP R&D at MicroStrategy in addition to holding senior security roles at McAfee and CA. He spent 7 years at RSA, the Security Division of EMC as Chief Technologist and SVP of Product. Sam also has over 20 patents in security from his time as a security architect, has been a leader in two successful startups and is a board member of the Cybersecurity Coalition, of SSH Communications and of Sequitur Labs.

All Posts by Sam Curry

Update Your Apple Devices to Guard Against Pegasus Spyware Attacks

September 14, 2021 |

2 minute read

Apple issued an emergency update yesterday for a critical vulnerability discovered in its iPhones, Apple Watches, and Mac computers. Researchers at Citizen Lab discovered a no-click zero-day exploit that works on all Apple devices that do not have the latest update. 

ForcedEntry

Citizen Lab first reported a zero-day vulnerability affecting Apple’s iMessage tool back in late August. The flaw was used to surreptitiously push Pegasus spyware onto the Apple devices of unsuspecting targets. 

Further research discovered that ForcedEntry can also exploit a weakness in how Apple devices render images—providing another avenue for compromising a target device with a no-click zero-day attack. 

Stay Calm

For most people, there is no need to panic. Yes, this newest Pegasus spyware is novel, invasive and can easily infect billions of Apple devices. But there is a solution available. Stay calm and simply get control of your device and download the software updates available from Apple. 

Do that and move on. 

Follow the guidance from Apple if you think you are infected and consult your IT department at work, school, etc. If none of those are an option for you, you can turn to Apple’s Genius Bar technicians for help. 

With nearly 2 billion iPhones active around the world, 100 million Apple Watches being used and more than 100 million Macs, security can’t be a luxury for Apple and it’s not. It’s a responsibility they take seriously.

Combating Spyware

This type of software is generally a scourge. Spyware is ethically shady and generally operates within the darker side of the gray area between legal and illegal activity. There are potentially valid uses for monitoring or spyware tools, but the line between legitimate use and stalkerware is very thin, and the risk of abuse is significant. 

The Pegasus spyware has been known for a while. What’s novel is the subtle installation. These have happened in the past and should be a top priority to identify and fix for any vendor. Again, a top priority. 

Make no mistake, the expanded data footprint and connected world with tens of billions of connected devices around the world means security will get harder. 

Today, there is an immediate call to innovate. If you want the privileges of a connected world, today, tomorrow and beyond, we need to collectively get better at the security game. The attackers are investing, and so should we all.

Defending the Walled Garden

Relating to Apple security, failing is ok. Failing consistently is not. 

Let’s see how Apple addresses this. They are a generally more secure platform, but they must continue to invest and demonstrate commitment going forward. The most secure platform in the world can be cracked given time unless the security is maintained. An incident or two are not a cause for pitchforks and torches to come out. That comes later if things recur or are dealt with in a cavalier manner.

Now that the vulnerability is known, others will try to use it as quickly as possible. So, there is some sense of urgency for you to patch and fix things.

About the Author

Sam Curry

Sam Curry is CSO at Cybereason and is a Visiting Fellow at the National Security Institute. Previously, Sam was CTO and CISO for Arbor Networks (NetScout) and was CSO and SVP R&D at MicroStrategy in addition to holding senior security roles at McAfee and CA. He spent 7 years at RSA, the Security Division of EMC as Chief Technologist and SVP of Product. Sam also has over 20 patents in security from his time as a security architect, has been a leader in two successful startups and is a board member of the Cybersecurity Coalition, of SSH Communications and of Sequitur Labs.

All Posts by Sam Curry

*** This is a Security Bloggers Network syndicated blog from Blog authored by Sam Curry. Read the original post at: https://www.cybereason.com/blog/update-your-apple-devices-to-guard-against-pegasus-spyware-attacks

Recent Posts

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

Singapore, Singapore, March 28th, 2024, CyberwireGoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report that highlights…

27 mins ago

Checkmarx Aligns With Wiz to Improve Application Security

Checkmarx has integrated its platform for securing application development environments with Wiz's CNAPP.

38 mins ago

Cyber Risk Management: A Beginner’s Guide

With the emergence of new cybersecurity regulations like the SEC’s incident disclosure rules and the EU’s NIS2 Directive, much attention…

3 hours ago

Cybersecurity Infrastructure Investment Crashes and Burns Without Governance

Just like pilot awareness is crucial during unexpected aviation events, cybersecurity's traditional focus on infrastructure needs to shift to more…

3 hours ago

Votiro Listed in 2024 Partner Program Guide by CRN®

The post Votiro Listed in 2024 Partner Program Guide by CRN® appeared first on Votiro.

3 hours ago

Hundreds of Clusters Attacked Due to Unpatched Flaw in Ray AI Framework

Thousands of servers running AI workloads are under attack by threat actors exploiting an unpatched vulnerability in the open-source Ray…

3 hours ago