SINGAPORE – Those using Apple products are being urged to install the latest security updates after two vulnerabilities were found to have been exploited in tandem to deploy spyware.
The Singapore Cyber Emergency Response Team (SingCert) issued an alert on Friday saying that the vulnerabilities affected a range of products, including iPhones, iPads, the Mac range of computers and laptops, as well as the Apple Watch.
University of Toronto-based Citizen Lab reported on Thursday that it had discovered the vulnerabilities a week earlier when it looked into the Apple device of an employee of a Washington-based civil society organisation.
The spyware can let external parties access an infected device, enabling them to view photos, videos, e-mail and messages, even if they were sent through applications that offer encrypted communication.
It can also record conversations made on or near a device, tap its cameras and determine the user’s location.
In 2018, Citizen Lab reported that suspected Pegasus spyware infections were found in 45 countries, including Singapore.
The latest vulnerabilities allow attackers to install the spyware by sending attachments containing maliciously designed images through iMessage.
Citizen Lab said it would publish further details in the future, adding that it had immediately disclosed its findings to Apple and assisted with the tech giant’s investigation.
The devices affected are:
iPhone 8 and later
iPad Pro (all models)
iPad Air (third generation and later)
iPad (fifth generation and later)
iPad mini (fifth generation and later)
Macs running macOS Ventura
Apple Watch Series 4 and later
In its report, Citizen Lab urged Apple owners to immediately update their devices.
Those who are at an increased risk of such attacks owing to their identities or the work they do are, meanwhile, encouraged to enable Lockdown Mode, which Apple confirmed would protect them.
On its website, Apple described Lockdown Mode as “extreme protection”, although it added that most people would never be targeted by digital threats like this.
Once enabled, several functions become limited, including incoming FaceTime calls, and most message attachments are blocked.
Web browsing will also be curtailed, with websites loading slower or not operating correctly.
The drastic measure was not recommended by SingCert, which instead advised Apple users to enable automatic software updates.
This can be carried out by going to settings > general > software update > enable automatic updates.
Join ST’s WhatsApp Channel and get the latest news and must-reads.
content: ” “;
font-family: “SelaneWebSTForty”, Georgia, “Times New Roman”, Times, serif;