Security experts say that iPhone users should update their devices as soon as possible to deal with dangerous security flaws in its mobile operating system.
How to Update and What to Do
To install the iOS 16.6.1 update, open Settings on your iPhone, then select “General” followed by “Software Update.” You should see the iOS 16.6.1 software update there; tap to begin the installation.
If you don’t see the update, go back to the General page, then tap “About” to check your iOS version number. If it’s 16.6.1, you already have the update installed.
If your phone is still using 16.6 or an earlier version, repeat the above steps. If you still don’t see an update, try restarting your phone. If that doesn’t make the update appear, double-check your internet connection and then wait a bit before trying again.
Apple's update is available for the iPhone 8 and later, the iPad Pro, the iPad Air 3rd generation and later, the iPad 5th generation and later, and the iPad mini 5th generation and later versions.
More Details
"We attribute the exploit to NSO Group's Pegasus spyware with high confidence, based on forensics we have from the target device," said Bill Marczak, senior researcher at Citizen Lab, which is based at the University of Toronto's Munk School of Global Affairs and Public Policy, according to Reuters.Apple has since issued an emergency update for the security flaw. Researchers say iPhone users should download the patch as soon as possible.
The reasons why it's dangerous, according to researchers, is because Pegasus allows users to send attachments via iPhone's iMessage with hidden code to victims, known as BLASTPASS, which allows the spyware to control a device's functions. Citizen Lab warns that it can control an iPhone or another device "without any interaction from the victim."
"We urge everyone to immediately update their devices," it said. "We encourage everyone who may face increased risk because of who they are or what they do to enable Lockdown Mode."
"This latest find shows once again that civil society is targeted by highly sophisticated exploits and mercenary spyware. Apple’s update will secure devices belonging to regular users, companies, and governments around the globe. The BLASTPASS discovery highlights the incredible value to our collective cybersecurity of supporting civil society organizations."
The Israeli company has been blacklisted by the U.S. government since 2021 for alleged abuses, including surveillance of government officials and journalists. The firm's spyware has been under investigation for years because, according to researchers, it can take location data, photos, communications, texts, contacts, and videos from a device without the user's knowledge.
Several media organizations have said that NSO's spyware was used to target the devices of several world leaders and reporters in 2021, prompting House representatives to call for the firm to be blacklisted and sanctioned. Meta, Amazon, and Apple filed a lawsuit against NSO for what they said is exploiting a bug in its app.
Last week's Apple patch also fixed a problem with the Apple Wallet, which stores debit and credit card information. Details about the bug and the patch were not disclosed by the company.
