Apple on Thursday issued security updates for OS X 10.11 El Capitan, OS X 10.10 Yosemite, and the Safari browser. It turns out, the patch fixes a security hole in OS X that last week’s iOS patch fixed in mobile devices.
Both patches addresses a vulnerability dubbed “Pegasus” that could allow bad guys to take over a device or computer with just one click.
“It basically steals all the information on your phone, it intercepts every call, it intercepts every text message, it steals all the emails, the contacts, the FaceTime calls,” mobile security company Lookout’s Vice President of Research Mike Murray told reporters last week.
The malware can steal information from the Gmail app, Facebook messages, other Facebook information, such as Facebook contacts, information from Skype, WhatsApp, WeChat, and other apps.
“Pegasus” was discovered due to a targeted attack on the device of Ahmed Mansoor, a human rights activist from the United Arab Emirates, which came in the form of a text message that included a link. Mansoor was suspicious of the source, and didn’t click the link, instead forwarding it to Bill Marczak, a researcher at Citizen Lab, a digital rights watchdog at the University of Toronto’s Munk School of Global Affairs.
It turns out the link was malicious, and if clicked, would have launched a three-pronged attack on Mansoor’s device accessing the data on the iPhone. Citizen Lab and Lookout informed Apple of the vulnerabilities on August 15.
Mac users are strongly urged to immediately download the security updates from the Mac App Store. (Start the Mac App Store app, and click the “Updates” tab to check for the updates.)