Critical vulnerability in Apple products

September 14, 2021

Summary

Apple released a security update for macOS, watchOS, iOS, iPadOS, and Safari. Apple is aware of a report of potential exploits in the wild.

Impact

A zero-day “zero click” exploit against iMessage that impacts:

  • macOS Big Sur
  • macOS Catalina
  • watchOS
  • iOS
  • iPadOS
  • Safari

The exploit has been in use since at least February 2021, requires no user interaction, and could lead to installation of the Pegasus spyware. The Pegasus spyware is not a significant threat for most users. NSO, the company that developed the spyware, says it is used to target criminals, terrorists, journalists, human rights activists, political dissidents, and business executives.

Vulnerable

  • macOS Big Sur
  • macOS Catalina
  • watchOS
  • iOS
  • iPadOS
  • Safari

Recommendations

Make sure all your devices are set to auto-update, so you don’t miss critical security fixes such as this one.

For ITCS-supported devices, we recommend not waiting when prompted. Apple Software Update is enabled by default, and users should install updates at the first prompt, whether that is through Apple Software Update or the EOS monthly patching going out at the end of this week.

References