Apple releases urgent update after spying malware uncovered

The Trident Mac hack could turn desktops into spying devices

Apple has issued an urgent security update to Mac desktop and laptops running on OS X El Capitan and Yosemite following the discovery of a vulnerability that could transform devices into spying tools.

The hack has been described as the "most sophisticated spyware" ever seen and is accessed by the user clicking on a malicious link in the Safari web browser. This link triggers spyware called "Pegasus" to start running, which can then use a flaw in the machine's OS X software to run two other exploits. These allow access to the computer's kernel, which means the criminal can view everything, from bank details, their current location and more.

Apple's security notes page recommends all users of Macs running on El Capitan or Yosemite install the update, Security Update 2016-001 for El Capitan and Security Update 2016-005 for Yosemite as soon as they can.

The Safari browser has also been patched to stop criminals using that as a gateway too. The flaw was discovered by Lookout and Citizen Lab.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The hack the same as one that was discovered on iPhones last week, allowing criminals to take control of the devices and watch the user, monitoring the apps they use and information they enter into their smartphone. Apple quickly released an update to stop hackers using the Trident vulnerability. Like this potential hack on desktops, Trident could use apps such as Gmail, Facebook and WhatsApp to spy on whatever the user is doing.

So far, the hack has only been seen targeting one person, Emirati civil rights activist Ahmend Mansoor. However, it could conceivably be in use in the wild spying on other individuals who don't realise they have been attacked.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354577/data-protection-fines-hit-ps100m
General Data Protection Regulation (GDPR)

Data protection fines hit £100m during first 18 months of GDPR

20 Jan 2020