According to Citizen Lab‘s report, published last month, the security flaw allows someone to install spyware on your device without you having to do anything. By sending certain PDFs and PSD files disguised as GIFs sent via SMS, the spyware can make its way to your phone and all of your activity can be tracked.
Citizen Lab says government agencies could spy on groups like journalists, activists, and lawyers with the security flaw. This is believed to be the driving factor behind a targeted attack on Bahraini activists using NSO Group’s Pegasus spyware. In addition, it seems that the exploitation has been in active use since at least February 2021.
Apple notes in its release notes for these updates that “this issue may have been actively exploited,” so there’s a good chance some devices have been infected. Given how user input isn’t necessary for the spyware to make its way to your device, it’s important to update to patch the bug and secure yourself.
Of course, not every device will be running these versions of Apple’s operating systems in the next few weeks. Apple is expected to release a lineup of new OS versions, like iOS 15, by the end of the month. According to TechCrunch, Apple will be strengthening the security of these new software versions, so hopefully security loopholes like these won’t be possible in the future.