What is the Apple 'zero-click' spyware? Flaw in iPhone allows hackers to access devices

By Jack Gevertz

Tech giant Apple has moved quickly to patch a flaw in some of its devices’ systems which would have allowed hackers to gain access.

Researchers at the University of Toronto’s Citizen Lab found the vulnerability after analysing the phone of a Saudi activist.

The researchers have since disclosed the flaw to Apple and the company has released a software patch for users.

Still, you may want to learn more about this flaw in Apple’s systems. What did the flaw allow hackers to do? What Apple devices are affected? What has Apple done since being alerted to the flaw? Here’s what we know.

What is the ‘zero-click’ Apple spyware?

The ‘zero-click’ Apple spyware allowed hackers to access devices using the iMessage service even if the affected phone’s user did not click on a file or website link.

Researchers found that hackers had exploited the flaw to put spyware on a Saudi activist’s phone. According to the researchers, the attackers were able to remotely exploit and infect the device with the spyware.

Which Apple devices are affected?

According to the researchers, the affected devices are all iPhones with iOS before 14.8, all Mac computers that have OSX Big Sur 11.6, Security Update 2021-005 Catalina, and all Apple Watches that had operating system software before WatchOS 7.6.2.

What has Apple done since being alerted to the flaw?

In a blog post on its website, Apple said it has been alerted to a flaw related to “processing maliciously crafted web content.”

It added: “Apple is aware of a report that this issue may have been actively exploited.”

The company has since issued a software patch to resolve the issue, which is for use across its products and devices.

Posting on its website, the Toronto research team said their findings highlight the ‘paramount importance of securing popular messaging apps’.

It added: “Ubiquitous chat apps have become a major target for the most sophisticated threat actors.

“As presently engineered, many chat apps have become an irresistible soft target. Without intense engineering focus, we believe that they will continue to be heavily targeted, and successfully exploited.”

