fbpx

Get this done now! – iPhone Vulnerability

Do not delay update your device

Get this done now! – iPhone Vulnerability

NO I mean really get this done now!

There has been talk about a “zero-click” vulnerability in iOS for a while on tech channels and now Apple has a patch. I will say more after you go to your iPhone/iPad/iPod and do this:

Settings – General – Software Update – Download and Install

Here is the BBC article on the issue.

Apple rushes to block ‘zero-click’ iPhone spyware – BBC News

This attack is particularly nasty as it requires no intervention or action by the user – it just runs. As I teach in my Cyber Security courses, people are one of the best defences in Cyber Security as the bad actor knows how the technical defences to their attack will respond but the person is the x-factor that can spot the attack and stop it and the attacker can do little about that defence.

iPhones and iOS have enjoyed a reputation of being secure and this has helped boost their sales – I have one, my family use them and many people at Octagon have one (or two). But a vulnerability like this highlights that software is complex and even the richest company in the world with a correspondingly large R&D and testing budget can still miss something. And that something can be, will be, discovered by outsiders who may or may not tell someone or may or may not use it to exploit the software users.

Apple’s Messenger app has grown from a “simple” text message program to a keystone app for Apple giving a multi-use interface to its users to communicate with others. The speculation in the tech media is that this issue has arisen by just trying too hard to get Messenger to do too much.

Want to know more about “zero-click” attacks? Bruce Schneier links to an excellent Wired article:

Zero-Click iPhone Exploits – Schneier on Security

The take-away from all this – the best advice any cyber security expert will give you is always keep your devices and software updated and patched because if you do not then you may become a victim of a hacker attack, even if you do not do anything.