On Thursday, Apple publicly released iOS 16.6.1, which brings no new features but fixes security vulnerabilities, as we previously reported. Interestingly, we now know that iOS 16.6.1 also fixes an exploit used by Pegasus spyware.
Exploit used to inject Pegasus spyware fixed with iOS 16.6.1
As reported by TechCrunch, Citizen Lab – a group that investigates government malware – has found a zero-click exploit on iOS that allows attackers to target victims with NSO Group’s Pegasus spyware. “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab wrote in a blog post.
Upon uncovering this vulnerability, Citizen Lab promptly reported it to Apple, which subsequently addressed the issue with a patch in iOS 16.6.1. Apple credited Citizen Lab for bringing the matter to its attention.
“This latest find shows once again that civil society is targeted by highly sophisticated exploits and mercenary spyware,” Citizen Lab explains.
For those unfamiliar, Pegasus was developed with governments and law enforcement agencies in mind. The NSO Group doesn’t sell the spyware to regular users. Still, most of the countries that have purchased Pegasus are known to violate human rights, which puts people like journalists and political opponents in danger.
Back in November 2021, Apple sued NSO Group for creating and distributing the spyware.
Update your devices right now
iOS 16.6.1 is now available for iPhone and iPad users. To update your device, go to Settings > General > Software Update. Because of these important security fixes, we recommend updating your iPhone, iPad, Mac, and Apple Watch devices to the latest versions of their operating systems as soon as possible.