Cybersecurity in the News: Apple's Zero-Day Vulnerability Explained
Citizen Lab is encouraging Apple users to update their devices following Apple's recently released security updates. The push is urgent because the update resolves a zero-day vulnerability that was found by Citizen Lab. This issue impacts all devices made by the fruit-named tech giant. The iOS version being pushed out, 14.8, is said to fix at least one vulnerability that is believed to have been exploited by malicious actors. If you own an iPhone, Apple Watch, or any other product made by this company, it is best to update your devices as soon as possible to avoid this vulnerability.
The vulnerability impacts the iMessage feature, through which spyware known as Pegasus infiltrates unsuspecting users' phones. Pegasus is a malicious form of spyware developed by a private contractor for use by government agencies. Like other spyware, Pegasus watches what the victim does on their phone and reports private information such as messages and photos back to the creators of the program -- in this case, those creators are Israel-based NSO Group and, as mentioned above, they are for hire to government agencies in search of such a malicious service. NSO Group claims that the software can't be traced back to the specific government agency using it. This gross program allows governments to spy on citizens without them being aware.
The vulnerability is certainly worrying, as no one wants to be spied on by anyone, particularly unknown government agencies doing undefined things with this information. As mentioned above, this is what is known as a zero-day vulnerability, but what does this mean? A zero-day vulnerability is either a flaw that has not been clearly communicated to the people who are likely victims, or a known issue that has not yet been patched. These vulnerabilities are scary because they describe a period of time in which malicious actors can simply come and go and take what they like as they please -- security is nonexistent and cybercriminals roam free.
When it comes to zero-day attacks, it can be hard to figure out how to protect against them since they are somewhat unique. There are a few things you can do to try to protect against these attacks. As mentioned above, the guidance from Citizen Lab is to update your devices with Apple's newest software. While this is reactive advice in this instance, it presents a good base to keep in mind -- ensure you always update your devices and networks so that they are equipped with the most current data available. Another way businesses can limit the impact of one of these attacks is by having adequate backups which are also updated often and kept on a separate network or in a separate location from the rest of your data. Be sure to use strong firewalls and keep these up to date as well so that they can act as your first line of defense against a zero-day vulnerability trying to hurt your business.
Image by Dragana_Gordic for Freepik.