Apple released an emergency patch for its entire line of devices earlier this week.
The patch is meant to address a newly discovered “zero-click” exploit, meaning that any of the tech giant’s products could be remotely compromised without any action on the part of its target.
First and foremost, if you happen to own an iPhone, iPad or Apple Watch please apply the update immediately. The rest of this article can wait. The patch also applies to Mac computers, but they’re not the primary vector for the exploit and the update can cause compatibility issues with software. Do not update your Mac computer’s macOS without first checking with Nodal or your current IT provider.
I’ve updated my devices. Now what was this all about?
Now that that’s out of the way, here’s the good news: chances are you weren’t targeted by this newly discovered hack. The zero-click exploit in question has been linked to a specific strain of spyware called Pegasus that was developed and is maintained by an Israeli technology firm called NSO Group.
The bad news is that Pegasus is an extremely effective form of spyware capable of intercepting text messages (even if they’re encrypted), tracking calls, collecting passwords, accessing the microphone and camera of its targets, viewing web history and more. In short: Any data on a device compromised by Pegasus can be and most likely has been exfiltrated.
Is Pegasus just another form of malware?
Not exactly. Pegasus is, at least according to NSO Group, only available to “authorized governments” with the stated aim of helping them “combat terror and crime.” At a minimum that means it’s more likely to be deployed against specific targets for surveillance purposes rather than spread to the general public.
That being said, despite NSO Group’s claims that Pegasus is used solely for law enforcement purposes, it has been confirmed to have been used by several authoritarian regimes and non-government actors including Mexican drug cartels. To date, at least 50,000 public figures, including politicians, journalists, human rights advocates and activists have been targeted by Pegasus.
I work in VFX. Does this affect me?
Probably not, but it’s a teachable moment. Apple is one of the biggest companies in the world and even touted its new “BlastDoor” security system earlier this year as a means of blocking this exact type of vulnerability. The fact that a smaller technology company managed to circumvent Apple’s built-in safeguards this quickly should stand as a stark reminder that no one system, product, or company is immune to potentially business-threatening security vulnerabilities.
So what should I do?
Keep your iOS devices (iPhones, iPads) up to date with the latest security patches and updates. Check with your IT service provider to make sure your software is updated to the most recent stable and compatible versions. Be sure to follow the 1-2-3 rule of backups. Consider taking out a cyber incident insurance policy to help cover the costs of a potential hack or data breach.
It should be noted that applying this patch to Mac computers may cause software incompatibilities with Catalina and Big Sur versions of MacOS. Please check with a qualified technician before applying any updates.
If this sounds daunting, contact Nodal today!