Apple issues emergency security update to combat zero-click spyware

Man in hoody holding up phone that says HACKED on Screen.
(Image credit: Getty Images - D-Keine)

If you're one of those people who perpetually ignore software updates, don't ignore this one. After a cyber security research company recently revealed a massive security exploit, Apple has issued an emergency update for iOS and macOS operating systems. This zero-click exploit could infect your Apple device with spyware without you ever knowing. 

According to this report by the University of Toronto's Citizen Lab, the ForcedEntry zero-click exploit can pretty much compromise all Apple devices such as phones, tablets, smartwatches, and computers. 

Citizen Lab researchers first spotted signs of ForcedEntry in March while analyzing the phone of a Saudi activist who was infected with spyware created by the NSO Group. This Israeli spyware company has been accused of selling governments worldwide software designed to spy on private citizens, particularly journalists and activists. Citizen Lab notified Apple of its findings on September 7, a week before releasing its report to the public, prompting the emergency update.

ForcedEntry isn't a run-of-the-mill exploit. It takes advantage of a massive security flaw in iMessage, Apple's built-in text messaging platform. The way it works is that a hacker sends an invisible text message to the intended victim, giving them unfettered access to everything on their device upon receipt, letting the hacker install spyware that could monitor their phone calls and even remotely access their cameras. The terrifying thing about these zero-click exploits is that the victims don't realize what's happened until it's too late. 

Your next upgrade

(Image credit: Future)

Best CPU for gaming: the top chips from Intel and AMD
Best graphics card: your perfect pixel-pusher awaits
Best SSD for gaming: get into the game ahead of the rest

The report also linked the NSO Group with another zero-click attack back in 2019. NSO found a similar vulnerability in Whatsapp and infected the phones of over 1400 users connected to a Human Rights Facebook group with its spyware. Currently, there's no telling on how many users' phones may have been targeted and/or compromised. NSO Group has denied all allegations of wrongdoing.

Citizen Lab's concludes its report with a call to action for regulation against companies like NSO Group:

"Our latest discovery of yet another Apple zero day (term for a computer-software vulnerability is known to interested parties) employed as part of NSO Group’s arsenal further illustrates that companies like NSO Group are facilitating 'despotism-as-a-service' for unaccountable government security agencies. Regulation of this growing, highly profitable, and harmful marketplace is desperately needed."

The best way to protect yourself and your Apple products right now is by making sure all your Apple devices have the current software update issued on Monday, September 13. Apple is expecting to announce a slate of new devices today, so it will be interesting to see if the company addresses the emergency fix in the keynote.

Jorge Jimenez
Hardware writer, Human Pop-Tart

Jorge is a hardware writer from the enchanted lands of New Jersey. When he's not filling the office with the smell of Pop-Tarts, he's reviewing all sorts of gaming hardware, from laptops with the latest mobile GPUs to gaming chairs with built-in back massagers. He's been covering games and tech for over ten years and has written for Dualshockers, WCCFtech, Tom's Guide, and a bunch of other places on the world wide web. 

Read more
Pipboy holds up an open padlock.
A BIOS update could be all that's stopping you or someone else from jailbreaking your old AMD CPU
Microsoft Windows 11
If you installed Windows 11 with certain security updates and a USB stick, you may not get any more security updates warns Microsoft
Mister Fantastic giving a thumbs up
A Marvel Rivals player has uncovered 'one of the most dangerous vulnerabilities a game can have' that'll let cheaters take over your PC and find your passwords
Netgear Nighthawk XR1000
Netgear says certain router owners should 'download the latest firmware as soon as possible' to patch a critical vulnerability
Three Magikarp Pokémon
The FBI used self-destruct on malware infecting over 4,000 US computers, it's super effective
Retro 1990s style beige desktop PC computer and monitor screen and keyboard. 3D illustration.
Microsoft nixes details of its Windows 11 TPM 2.0 security bypass though there are still other ways of getting the latest OS on 'unsupported' hardware
Latest in Security
An FBI wanted poster for alleged hacker Zhou Shuai.
US Justice Dept announces $10 million bounty on at-large 'hacker-for-hire' cabal it says targeted China critics, religious missionaries, and the Treasury
Kinzie, in an FBI jacket, uses a computer with the logo of the Third Street Saints on it
Have I Been Pwned adds over 284 million compromised passwords from latest breach
A still from a YouTube video of Senator Mark Warner speaking
Telecoms hack on US government officials is 'worst in nations history' and 'the barn door is still wide open' says senator
HDMI cable
Hackers can wirelessly spy on your display by collecting HDMI signal leaks and churning them through an AI, but I wouldn't break out the tin foil just yet
Computer code and text displayed on computer screens. Photographer: Chris Ratcliffe/Bloomberg
Forcing users to periodically change their passwords should go the way of the dodo according to the US government
An original Apple Macintosh Model M0001, as they celebrate 40th anniversary, is on display in between 2024 Apple models at the independent Apple products store chain Amac, on January 24, 2024 in Utrecht, The Netherlands. Based on the Motorola 68000 microprocessor, the Macintosh was the first successful mouse-driven computer with a graphical user interface.
Major browser providers scramble to patch an 18-year-old vulnerability affecting MacOS and Linux systems but Windows remains gloriously immune
Latest in News
Commander Shepard in Mass Effect 3.
Mass Effect's Jennifer Hale, who played femshep, 'saw no line' before she recorded them for Bioware's flagship trilogy: 'It was all cold reading on the spot'
A side by side comparison of two Asus Q-Release systems, with the original design on the top and the bottom showing the apparently new design.
Asus appears to have quietly changed the design of its Q-Release PCIe slot after claims of potential GPU pin damage
Microsoft's Task Manager in Windows 11
After years of complaints about Windows Task Manager displaying CPU utilization incorrectly, a fix is finally on its way
Sony RGB LED panel tech
Sony's fixing the wrong panel problems while showing off its new 'RGB LED' backlight tech with outrageous colours and brightness
Super Mario World
Super Nintendo consoles appear to be running ever-so-slightly faster as they age and speedrunning detectives are hot on the case
A photo of an Intel Core Ultra 9 285K processor surrounded by DDR5 memory sticks from Corsair, Kingston, and Lexar
Fresh leak suggests Intel's on-again-off-again Arrow Lake CPU refresh is back on the menu (boys)