Apple has responded to a critical security threat by swiftly releasing emergency patches for outdated versions of the iPhone and Mac. These updates are designed to eliminate a specific vulnerability, identified as CVE-2023-41064, which could potentially allow remote hackers to compromise devices for the purpose of subsequent surveillance through spyware developed by the Israeli company NSO Group.
The iOS 15.7.9 update is primarily aimed at devices including the iPhone 6s, iPhone 7, and iPhone SE, along with the iPad Air 2. In addition, Apple has issued patches for macOS Big Sur and Monterey, catering to Mac models released since 2013.
Actively Exploited Vulnerability
Apple has issued a stern warning about the active exploitation of this vulnerability by hackers. They have been employing specially modified images to trigger iPhones, iPads, and Macs to execute malicious code. This can result in various malicious activities, including downloading malware or redirecting users to malicious websites.
Discovery by Citizen Lab
The vulnerability was first discovered by Citizen Lab, an organization specializing in information security, during a routine scan of an employee’s device. Citizen Lab noted that the exploit chain was capable of compromising an iPhone running the latest iOS version (16.6) without any intervention from the victim.
Alert from US CISA
The US Cybersecurity and Infrastructure Security Agency (CISA) has also issued an alert regarding the significant risks associated with this vulnerability. They strongly urge Apple users to promptly update their devices to safeguard against potential cyber attacks.
Importance of Timely Updates
This situation underscores the critical importance of regularly updating device software to shield against evolving cyber threats, notes NIXSolutions. Users can conveniently install these patches by navigating to Settings → General → Software Update. It is strongly recommended to enable automatic updates, ensuring that devices autonomously receive necessary patches.