Why you need to update your Apple devices right away

The new Apple iPhone Xs (L) and iPhone Xs Max (R) are displayed during an Apple special event at the Steve Jobs Theatre on September 12, 2018 in Cupertino, California.
The new Apple iPhone Xs (L) and iPhone Xs Max (R) are displayed during an Apple special event at the Steve Jobs Theatre on September 12, 2018 in Cupertino, California. Photo credit Justin Sullivan/Getty Images

Don’t wait to install the newest update to your Apple devices.

More details have emerged about the latest software patch which Apple is urging users to download after its security was reportedly breached by an invasive spyware group.

The update, called iOS 14.8, iPadOS 14.8, WatchOS 7.6.2, or MacOS Big Sur 11.6 across its various devices, protects against spyware built by NSO Group, an Israeli technology firm.

"Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited,” the company said.

The vulnerability was detected by Citizen Lab, a public interest cyber security group, which discovered that a Saudi activist’s phone had been infected by Pegasus, NSO Group’s best known product. The exploit, which the company named “FORCEDENTRY”, targets Apple’s image rendering library through iMessage, the tech giant’s texting and messaging application.

The breach could allow hackers to secretly install spyware on users’ devices even without them clicking on anything to trigger it. The spyware would then be able to eavesdrop or steal data from the user's device.

Citizen Lab said the exploit has been used since February.

Apple issued an update on Monday which protects users against the threat, though the company noted that most users are not in danger. Citizen Lab urged all users to download the new software immediately.

"After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users," Ivan Krstić, head of Apple Security Engineering and Architecture, told USA TODAY. "Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.”

He credited Citizen Lab for obtaining the exploit "so we could develop this fix quickly."