Update Required: zero-day zero-click vulnerability found in Apple iMessage
Citizens Lab discovered a vulnerability in the Apple iMessenger application that requires no user interaction to exploit.
What does this mean in laymen’s terms? It’s possible for anyone to send your phone or computer a specially crafted text message which allows them to take over control of your device(s). This includes reading your private messages, viewing your camera, listening to your conversations, or accessing any information stored on or accessed by your device.
This is not a wait until tonight update. Do it now:
Additional details here:
- Citizens Lab report: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
- CISA bulletin: https://us-cert.cisa.gov/ncas/current-activity/2021/09/13/apple-releases-security-updates-address-cve-2021-30858-and-cve
- Apple’s update information (not much useful information here): https://support.apple.com/en-us/HT201222