Apple Patches OS X To Fix Spyware Exploit Previously Squashed In iOS 9.3.5 Update
One of those updates is 2016-001 for El Capitan and the other is 2016-005 for Yosemite. According to Apple's release notes, left unpatched an application may be able to disclose kernel memory and could allow a hacker to execute arbitrary code with kernel privileges. Citizen Lab and Lookout are credited for discovering both vulnerabilities.
These are the same vulnerabilities that were patched in iOS. Without the patch, a hacker could take complete control of an iPhone and spy on users by reading text text messages and emails, tracking calls and contacts, recording sounds, collecting passwords, and tracking the location of the mobile phone user.
Apple is now urging all El Capitan and Yosemite users to update their desktops to prevent cybercriminals from installing spy software on their systems. The software itself is called Pegasus and is considered rather sophisticated. It's not a theoretical threat, either—Pegasus is sold to governments by an Israeili surveillance company called NSO Group Technologies
The company was founded five years ago by a pair of entrepreneurs who sold the outfit for $120 million last year. NSO Group is known to frequently change its name to remain a "ghost."