It turns out the major security hole that could let attackers take over iPhones affects Macs as well.
Apple fixed the iPhone issue with a software update to iOS 9.3.5. On Thursday, it quietly released an update for OSX that does much the same thing, with critical patches coming for the Safari browser and the kernel, or core of the operating system.
The updates for OSX patch three “zero-day” vulnerabilities, or unfixed bugs, that could allow an attacker to take over a victim’s computer. In order to pull that off, a user would just need to visit a “maliciously crafted website” – a poison link that would execute code without the user’s knowledge.
This is the same method researchers at Citizen Lab and Lookout Security found being used to spy on iPhone users with a hacking tool called Pegasus. In order for an iPhone to be hacked, a victim would only need to click a link from a text message.
As one of the researchers told Business Insider of Pegasus last week: “Once you get this software on your phone, it’s not your phone anymore.”
The malicious software tracked an incredible amount of data on an affected user. Every single text message, calendar entry, email sent through Gmail, or WhatsApp message was vacuumed up and sent back to whoever was behind the spying. It constantly updated and sent the user’s location from the phone’s GPS. And it even fully downloaded the user’s various passwords and stole the stored list of WiFi networks and passwords the phone connected to.