How to Update Your iPhone to iOS 14.8 and Detect Pegasus Spyware After New Hack

Apple device users are being urged to update their iPhones, iPads, Apple Watches and Macs as soon as possible, after security researchers discovered that they can be infected with Pegasus spyware.

NSO Group, an Israeli cyber surveillance company, is the creator of Pegasus, a spyware designed to covertly infiltrate a target's personal device, in order to gather highly personal data, such as passwords, emails and contact details.

Pegasus is also capable of tapping into devices' microphones and cameras.

Furthermore, a target isn't required to tap or click anything in order for their device to be infected with the spyware.

Researchers from The Citizen Lab reported the exploit, which it has dubbed "FORCEDENTRY," to Apple on September 7.

On Monday, September 13, Apple released a cluster of software updates for a multitude of its iPhone, iPad, iPod, Apple Watch and Mac models, which are designed to patch the vulnerability.

You can update your iPhone, iPad or iPod to the latest iOS 14.8 and iPadOS 14.8 software by navigating to Settings > General > Software Update, and following the on-screen instructions.

You can update your Apple Watch to watchOS 7.6.2 either on the device itself, by navigating to Settings > General > Software Update and following the instructions, or through your phone, by opening the Watch app and navigating to My Watch > General > Software Update.

The process is similarly straightforward on Mac devices, which you can update by launching Apple Menu and navigating to System Preferences > Software Update.

Citizen Lab believes the FORCEDENTRY exploit has been in use since February 2021, and possibly even earlier than that.

Its researchers first discovered the malicious software on the phone of a Saudi activist, who has not been named.

NSO Group sells the spyware to government security agencies, and claims on its website that it is used "exclusively by government intelligence and law enforcement agencies to fight crime and terror" and that it "develops best-in-class technology to help government agencies detect and prevent terrorism [with its technology having helped] break up criminal operations, find missing persons, and assist search and rescue teams."

In a statement to Reuters, NSO did not confirm or deny if it was behind the infiltration technique, adding that it would "continue to provide intelligence to law enforcement agencies around the world."

The Citizen Lab wrote in a blog post that NSO Group is "facilitating 'despotism-as-a-service' for unaccountable government security agencies."

In July, Amnesty International revealed that more than 50,000 people, including politicians, business executives and heads of state, were identified as targets by NGO Group's clients.

Amnesty International's researchers also found that Pegasus was installed on the phone of journalist Jamal Khashoggi's fiancee days after he was killed in the Saudi Consulate in Istanbul in 2018.

The human rights organization has released Mobile Verification Toolkit, a free tool that can be used to work out if an iOS or Android device has been infected with Pegasus spyware.

It is, however, intended for use by investigators with technical expertise, rather than the general public, and the process is lengthy and somewhat convoluted, requiring a detailed set of instructions.

Two men walking looking at their phones
Apple has released updates for its iPhone, iPad, iPod, Apple Watch and Mac devices after it was discovered that they were vulnerable to Pegasus spyware. ultramansk/iStock