Apple has issued a software update to patch the flaw Credit: David Rose
A pple has released an urgent update to its desktop operating systems and the Safari web browser to block ahack that could have turned the machines into spying tools.
The security flawaffects the El Capitanand YosemiteMac operating systems, and is the same that could have let hackers take complete control of iPhone devices ,which Apple fixedwith the iOS 9.3.5 update last week.
The Silicon Valley giant quietly released the update to the Mac software and Safari a week after its iPhone patch without addressing the delay.
Apple has urged customers with devices that are not running iOS 9.3.5, OS X 10.11.6 El Capitan and 10.10.5 Yosemite to update their software immediately to protectpotential malicious actors from spying on them.
The flaws affect computers running the El Capitan and Yosemite operating systems Credit: David Rose
D escribed as the "most sophisticated spyware" ever seen , the hack exploits three software vulnerabilities, present across the devices because Apple reuses a lot of the same code,that couldlet a hacker take control over the compromised device with the tap of a finger.
Mobile security company Lookout and internet watchdog group Citizen Lab discovered the hack after a failed attempt to break into human rights activist Ahmed Mansoor's iPhone using it.
When Mansoor received a suspicious text that said "New secrets about torture of Emiratis in state prisons" alongsidea link, he forwarded the message to a researcher at Citizen Lab , whoclicked on the link and analysed the hack as it unfolded.
The text received by Mansoor Credit: Citizen Lab
A pple warned that visiting a "maliciously crafted website" in the Safari web browser could lead hackers use a similar method to install spy software on a computer.
Clicking the link on a phone or computer activates a piece of espionage software called "Pegasus" that can take advantage of a memory vulnerability in the iOS and OS X software to run two further exploits that can locate the kernel, the core of the operating system, and gain access to it.
Everything that the software can attack Credit: NSO
O nce inside the kernel, a malicious actor couldread a users messages, access their bank details and track their location, among other things.
Israeli surveillance company NSO Group Technologies, which sells spying software to governments,is suspected of having created the exploit. The company claims to only sell its programs to "authorised governmental agencies, and fully complies with strict export control laws and regulations".
How to protect yourselfT o update your software on your computer go open the App Store -> Updates -> install Security Update 2016-001 10.11.16.
And if you are yet to update the software on your iPhone or iPad you can do so by going to Settings -> General -> Software Update and upgrade to iOS 9.3.5.
Follow The Telegraph Science & Tech
