Update your iPhone now! Pegasus malware may be tracking your location


If your iPhone is currently running the latest version of iOS (16.6), you need to update your phone right away. Apple just issued an urgent security update to fix a zero-click vulnerability that enabled NSO Group’s Pegasus spyware to infiltrate iPhones without any interaction from users. Pegasus spyware can track your location, monitor and record your calls and messages, and access your camera and microphone, so download the latest update as soon as possible to protect your device.  

This zero-click vulnerability was identified by the University of Toronto’s Citizen Lab, which promptly notified Apple of its discovery and published a blog post with specific details and tips for iPhone users. Although Apple didn’t give many specifics in its security update post, the company did give credit to Citizen Lab for its assistance.

How was this iPhone security bug discovered?

Last week, Citizen Lab became aware of the zero-click vulnerability when checking an iPhone that belonged to someone working for a Washington DC-based civil society organization. Citizen Lab could tell that this vulnerability was “being used to deliver NSO Group’s Pegasus mercenary spyware.”

This scary exploit was capable of infiltrating iPhones running iOS 16.6 “without any interaction from the victim.” Because users don’t have to do anything to allow Pegasus spyware to hop onto their device, it’s referred to as a zero-click vulnerability. Citizen Lab goes on to explain that this malicious attack included PassKit attachments containing harmful images sent from an attacker’s iMessage account to various victims.

In the blog post, Citizen Lab writes that a more detailed discussion will be published in the future regarding this particular exploit chain, which the organization labeled BLASTPASS. That said, you definitely shouldn’t wait for details before updating your device. Regardless of what the minute details tell us, we know that iPhones running iOS 16.6 are at risk right now and the only safeguard is updating your device. 

Citizen Lab does recommend enabling Lockdown Mode on your iPhone if you believe you’re at higher risk of being spied on because of your job or your title. The organization states, “We believe, and Apple’s Security Engineering and Architecture team has confirmed to us, that Lockdown Mode blocks this particular attack.” Even if you don’t have a high-risk job, you can always enable Lockdown Mode if you just want to take extra precautions.

Updating your iPhone and enabling Lockdown Mode should be your first two actions, but you can also perform an emergency safety check on your iPhone to disconnect apps and unwanted people from your device. With this security bug news for iOS 16, we’re even more excited to see these game-changing security features debut in iOS 17 following Apple's September 2023 event on Tuesday.