A recent bug in iPhone devices left users vulnerable to a hacking software—called “Pegasus”—that would turn devices into a mobile surveillance gadget by releasing three zero-day bugs to gather personal data. Now, the same security threat reportedly affects Mac desktop and laptops as well.
In response to the iPhone security threat, Apple rolled out a software update—the current 9.3.5 version—which would protect users from the undetectable virus. "The software leaves absolutely no indicators of compromise to the user," said Mike Murray, vice president of security research and response at mobile security firm Lookout, to Business Insider.
Similar to its response to the iPhone vulnerability, Apple released an OSX update on Thursday that will protect Macs from the hacking software. Those with Apple desktop and laptop devices should download Security Update 2006–001 for El Capitan and Security Update 2006–005 for Yosemite, which will stop applications from revealing kernel memory. There is also a Safari 9.1.3 update for El Capitan, Yosemite, and OS X 10.9.5 Mavericks—this update takes care of the memory corruption issue that would leave devices vulnerable.
“Pegasus is the most sophisticated attack we’ve seen on any endpoint because it takes advantage of how integrated mobile devices are in our lives and the combination of features only available on mobile — always connected (WiFi, 3G/4G), voice communications, camera, email, messaging, GPS, passwords, and contact lists,” write Lookout and Citizen Lab, the security firms that first uncovered the iOS flaw, in a blog post. “It is modular to allow for customization and uses strong encryption to evade detection.”
Users who have not updated their phone or computers should do so immediately and have likely received an auto-update prompt from Apple on their device. If the devices are not updates, consumers are at risk of letting their gadgets get remotely hacked.