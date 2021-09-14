Apple released on Monday (13) a security update for iPhones, iPads, Apple Watches and Macs that fixes a vulnerability used by the spy software Pegasus, from the Israeli company NSO Group.

The loophole was discovered by Citizen Lab, a digital security research group at the University of Toronto, Canada, which said it found evidence that the vulnerability was used by the NSO Group to break into the iPhone of a journalist from the broadcaster Al Jazeera, in July 2020.

This security hole is of the type “zero click”, which installs the virus without any user action.

According to Apple, the loophole was used when the device was processing a PDF file, which could lead to “arbitrary code execution” – that is, without permission.

Citizen Lab pointed out that even though they were PDFs, the files often arrived on the device with a GIF extension.

Another vulnerability, flagged by an anonymous researcher, which executed code while processing web page content, has also been fixed in this update.

Last July, newspapers in the United Kingdom and the United States revealed that journalists, activist groups and opposition politicians from 50 countries could have had their smartphones hacked by Pegasus.

Updated versions of Apple operating systems are:

iOS 14.8;

iPadOS 14.8;

watchOS 7.6.2

macOS Big Sur 11.6

macOS Catalina Security Update 2021-005

Most users will receive notification about the update, but you can launch it automatically by navigating to “Settings”, then selecting the option “General” and “Software Updates”.

The manufacturer recommends installing the update to preserve device security.

