Stupid Simple Security Tips #32 – The Threat is No Myth

by | Sep 17, 2021


Apple has just issued an urgent software update addressing a critical cyber threat to its entire product line – make sure you update, pronto!

Utilizing a flaw identified in iMessage, this zero-click exploit (known as “Pegasus”) can place untraceable spyware onto most any Apple device (iPhones, iPads, Macs, and Apple Watches – your ancient iPod should be safe).

Zero-click exploits are particularly menacing, as they require no action or permission from the user – they are installed and controlled entirely by remote hackers.

Once activated, this script (code-named “FORCEDENTRY”) can upload anything from a victim’s phone to the perpetrators’ cloud servers. It can also record phone calls or turn on a device’s camera and microphone at will.

The malware was unearthed by researchers with The Citizens Lab and can be blocked by Apple’s patch — downloadable directly via Apple’s update page or installed through your system settings/preferences under “Software Update.”

If you haven’t done so yet, please update immediately and forward the info to fellow Apple users.

For years I’ve warned Apple-using clients that while their devices are safer than Windows or Android systems, they are not invulnerable; news like this only drives home that point.

Even on a Mac, you need to scan your system regularly for suspicious code and regularly check/install updates for your OS and software – services that are included in BobaGuard’s eight-layer cybersecurity stack (also available for any of GlobalMac IT’s Managed Services Clients).

OK– now that you’re updated, take a deep breath, and don’t overreact to the Pegasus exploit.

It is a dangerous and nefarious military-grade threat…but one currently available only to nation-state clients of an authorized Israeli cyber-arms dealer (the NSO Group). As such, its use is rare and restricted to high-value intelligence targets (unless employed unethically against dissidents, journalists, or individuals of personal interest to unscrupulous leaders).

Of course, that was the same limited threat profile of the NSA’s EternalBlue spyware until it leaked to the web and became an underworld hacking super tool.

It may only be a matter of time before Pegasus programs are similarly available to criminal elements, so prepare now. Update your systems, patch your software, and subscribe to a turnkey service provider who will vigilantly stay apprised of the landscape and help keep you safe.