
Update your iPhone immediately to fix this ‘terrifying’ security flaw

Published Sep 29th, 2021 9:16AM EDT
Image: Apple


Apple works hard and expends a ton of resources to bolster iPhone security. Still, there’s no denying that mobile device security is often a game of cat-and-mouse, with Apple’s security engineers responding to newly discovered vulnerabilities and zero-day exploits as they surface.

So while Apple routinely issues iOS security updates, the release of iOS 14.8 earlier this month is unusual. The iOS 14.8 update fixes a security vulnerability that a malicious actor could use, without any interaction from the victim, to gain full access to everything on the phone. Suffice it to say, if you’re still running an older version of iOS 14, you should update immediately, either to iOS 14.8 or to iOS 15; both carry the fix.
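For anyone managing more than one device, the practical question is which ones still sit below the fixed release. The script below, an added example that is not code from this article or from Apple, takes a constructed MDM-style inventory export and flags devices whose OS version is older than the release Apple shipped the fix in (iOS/iPadOS 14.8, watchOS 7.6.2, macOS Big Sur 11.6, per Apple’s September 13, 2021 advisories). It compares versions numerically rather than as strings, which matters because a string comparison ranks “14.10” below “14.8”. The inventory format and device names are assumptions for the example.

```python
"""Flag Apple devices still below the OS release that fixes the FORCEDENTRY
exploit (CVE-2021-30860). Added example, not code from the article or from Apple.
Fixed versions come from Apple's September 13, 2021 security advisories.
The inventory lines below are constructed sample data, not real devices."""

from typing import Dict, List, Tuple

# Minimum OS version carrying the CoreGraphics fix (Apple advisories, 2021-09-13).
FIXED_VERSIONS: Dict[str, str] = {
    "iOS": "14.8",
    "iPadOS": "14.8",
    "watchOS": "7.6.2",
    "macOS": "11.6",  # Big Sur 11.6; Catalina received a separate security update
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '14.7.1' into (14, 7, 1). Integer tuples compare correctly, whereas
    plain string comparison would wrongly rank '14.10' below '14.8'."""
    return tuple(int(part) for part in version.strip().split("."))


def is_patched(os_name: str, version: str) -> bool:
    """True when the version is at or above the fixed release for that OS.
    Unknown OS names are treated as unpatched so they get reviewed, not ignored."""
    fixed = FIXED_VERSIONS.get(os_name)
    if fixed is None:
        return False
    return parse_version(version) >= parse_version(fixed)


def unpatched_devices(inventory: List[str]) -> List[str]:
    """Each inventory line is 'device_id,os_name,version' (an assumed export format).
    Returns the device ids that still need the update, in input order."""
    flagged: List[str] = []
    for line in inventory:
        device_id, os_name, version = (field.strip() for field in line.split(","))
        if not is_patched(os_name, version):
            flagged.append(device_id)
    return flagged


# Constructed sample export; these are not real devices.
SAMPLE_INVENTORY = [
    "iphone-01,iOS,14.7.1",
    "iphone-02,iOS,14.8",
    "iphone-03,iOS,15.0",
    "ipad-01,iPadOS,14.8.1",
    "watch-01,watchOS,7.6.1",
    "mac-01,macOS,11.5.2",
    "mac-02,macOS,11.6",
]

if __name__ == "__main__":
    for dev in unpatched_devices(SAMPLE_INVENTORY):
        print("needs update:", dev)  # prints iphone-01, watch-01, mac-01
```

Tuple comparison treats “14.8.1” as newer than “14.8” because a longer tuple with an equal prefix sorts higher, which is the behaviour you want for point releases.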

A sophisticated iPhone security exploit

The exploit in question reportedly comes from the NSO Group, an organization responsible for some of the most advanced and sophisticated iPhone spyware ever created. The exploit works against iPhones, iPads, Macs, and even Apple Watches. The spyware it installs is known as Pegasus; the zero-click exploit that delivers it is what security researchers at Citizen Lab named FORCEDENTRY. Apple tracks the underlying CoreGraphics bug as CVE-2021-30860 and patched it in iOS 14.8, iPadOS 14.8, watchOS 7.6.2, and macOS Big Sur 11.6.

Once the spyware infects a device, it keeps tabs on everything. Pegasus can monitor all sorts of data, including phone calls, browser history, photos, emails, and messages sent and received via text, Facebook, and WhatsApp. The spyware can also track your location and turn on your microphone for recording.

How the spyware spreads

Previous iterations of Pegasus from the NSO Group required a target to click on a link. The latest version, however, is far more sophisticated. The current incarnation of Pegasus can infect a device with absolutely no action from the target; the victim never has to open a message, let alone tap a link.

The New York Times reveals that one attack vector simply involved sending a target a photo. This photo then took advantage of “the way that Apple processes images and allowed the Pegasus spyware to be quietly downloaded onto Apple devices.” Citizen Lab’s analysis adds the detail that the “photo” was in fact a maliciously crafted PDF carrying a .gif extension, delivered as an iMessage attachment and rendered automatically by the device before the user saw anything.

The full Citizen Lab security report regarding Pegasus is viewable over here.

Apple’s iPhone bug bounty program

On a related note, it’s worth mentioning that some security researchers aren’t happy with Apple’s bug bounty program. According to some security researchers, Apple doesn’t always pay out what it owes. Further, some Apple employees said that there’s a backlog of bugs that Apple needs to sift through.

The Washington Post reports that Apple’s “insular culture has hurt the program and created a blind spot on security.”

It’s quite common for tech companies to pay researchers who unearth security vulnerabilities. Apple’s bug bounty program, however, only started a few years ago. Additionally, the payment tiers at Apple are lower than they are at other tech companies.

Yoni Heisler Contributing Writer

Yoni Heisler has been writing about Apple and the tech industry at large for over 15 years. A lifelong Mac user and Apple expert, his writing has appeared in Edible Apple, Network World, MacLife, Macworld UK, and TUAW.

When not analyzing the latest happenings with Apple, Yoni enjoys catching Improv shows in Chicago, playing soccer, and cultivating new TV show addictions.