Byte-size Bulletins

Apple rushes to block 'Zero Click' spyware affecting their devices

Written by Rachael Brown | Sep 14, 2021

 

Apple has just issued an emergency software patch to block “zero-click” spyware that allows hackers to access Apple devices. This spyware operates via corrupted links and files in the iMessage service, which don't even require the targeted user to click on them. 

Apple also announced yesterday in a blog post that this has also effected Core Graphics, Apple’s API vector drawing framework and Webkit, Apple’s iOS browser engine used in Safari.

The spyware operates similarly through corrupted links and files in Core Graphics and  Webkit which lead to arbitrary code execution on a users device. 

This spyware affects all of Apple’s operating systems including iPhones, Macs and Apple watches, discovered just as the company prepares to unveil new devices at its annual launch event today. 

It was discovered by independent researchers, including the University of Toronto’s Citizen Lab, who have previously highlighted ways in which Apple systems could be exploited. 

The fact that Apple’s iMessage, one of the most secure messaging apps available, has been completely caught off guard by a dangerous unseen weakness is naturally concerning. 

Well-funded, experienced hackers have ways of accessing even the most secure systems, so while users may not be facing the biggest risk, remaining vigilant is for everyone's benefit. 

Advice all iOS users should take is to update the security software of their devices as soon as possible to patch up the security hole and remain updated on potential security threats. 

Photo by Zhiyue Xu on Unsplash