SAN FRANCISCO — Apple is asking Mac users to update OS X and Safari immediately in order to fix a critical security issue.
A week ago, researchers at mobile security form Lookout and University of Toronto’s Citizen Lab announced the discovery of critical iOS security issues used to hack the iPhones of activists and journalists. Researchers traced the previously undiscovered exploits back to an Israeli “cyber war” company, the NSO Group.
NSO openly sells software that it says can track a person’s mobile phone — and many of its clients are governments.
The same day, Apple released an update to patch the issues for iPhones and iPads running iOS 9. Now, it appears the same vulnerabilities can be used on its Safari browser and OS X.
On Thursday, Apple released security updates for OS X Yosemite and OS X El Capitan. To install them, open the App Store on a Mac and click the Updates icon. There’s also an update for Safari 9.1.3. According to Apple’s Safari update description, the exploit means if you accidentally visit a malicious website — say after clicking on a link in a phishing email — an attacker can run code on your system.
If you have an iPhone running iOS 9 and haven’t already updated the OS to install the latest security patch, do it now.
The issue was first discovered when UAE human rights activist Ahmed Mansoor received suspicious text messages last month. One included a link with malware that, if opened, would give attackers access to his incoming and outgoing messages, the phone’s camera and microphone, and his location.
Regularly installing software updates is a vital part of keeping your systems secure. As tempting as it is to hit that “remind me later” button, don’t put off these updates.