Got an iPhone, iPad, Mac, or Apple Watch?
Go on and go update it.
NOW.
No, really.
Why the fuss? These updates close some really nasty holes in each of these various devices.
How nasty? Is this nasty enough for ya?
CVE-2021-30860 allows commands to be executed when files are opened on certain devices. Citizen Lab noted that the vulnerability would give hackers access without the victim even clicking anything.
https://www.zdnet.com/article/apple-releases-update-fixing-nso-spyware-vulnerability-affecting-macs-iphones-ipads-and-watches/
What this means in everyday terms is that these are exploits out in the world RIGHT NOW that allows an attacker to gain access to your phone. Access to things such as:
- A device’s camera
- A device’s microphone
- Messages
- Text
- Emails
- Call history
- And more
The scariest part of this, is that you don’t have to do anything at all to fall victim to it. Nope, NOTHING. No clicking on a suspicious link, or opening a bad email attachment. That’s what “zero-click” means: no user interaction is required. The “zero-day” term in the article means that this vulnerability was being active exploited even before Apple knew about it.
Okay, so now that you’ve read everything, hopefully you’ve updated your various iDevices by now. If not…
Go on, go update!
Secure, In Style 