Apple Patches OS X To Fix Spyware Exploit Previously Squashed In iOS 9.3.5 Update

Apple's been keeping itself busy patching up security holes in its software, both for mobile and on the desktop. Just last week, Apple rolled out an update for iOS—version 9.3.5—that patched up several critical security and privacy exploits, and now there's a pair of updates for OS X that addresses the same security issues.

One of those updates is 2016-001 for El Capitan and the other is 2016-005 for Yosemite. According to Apple's release notes, left unpatched an application may be able to disclose kernel memory and could allow a hacker to execute arbitrary code with kernel privileges. Citizen Lab and Lookout are credited for discovering both vulnerabilities.

OS X El Capitan

These are the same vulnerabilities that were patched in iOS. Without the patch, a hacker could take complete control of an iPhone and spy on users by reading text text messages and emails, tracking calls and contacts, recording sounds, collecting passwords, and tracking the location of the mobile phone user.

Apple is now urging all El Capitan and Yosemite users to update their desktops to prevent cybercriminals from installing spy software on their systems. The software itself is called Pegasus and is considered rather sophisticated. It's not a theoretical threat, either—Pegasus is sold to governments by an Israeili surveillance company called NSO Group Technologies

The company was founded five years ago by a pair of entrepreneurs who sold the outfit for $120 million last year. NSO Group is known to frequently change its name to remain a "ghost."

Via:  Apple
Show comments blog comments powered by Disqus