A serious security flaw, known as a Remote Code Execution (RCE) exploit, has been discovered in iPhones, iPads, and Mac computers. This flaw allows attackers to install unwanted apps and steal data using links in malicious email messages and malicious websites. Please update your Apple devices to the latest software version immediately to protect yourself and your data. Sophos’s Naked Security blog has additional information:

“Web-based RCE exploits generally give attackers a way to lure you to a booby-trapped website that looks entirely unexceptionable and unthreatening, while implanting malware invisibly simply as a side-effect of you viewing the site.

A web RCE typically doesn’t provoke any popups, warnings, download requests or any other visible signs that you are initiating any sort of risky behaviour, so there’s no point at which attacker needs catch you out or to trick you into taking the sort of online risk that you’d normally avoid.

That’s why this sort of attack is often referred to as a drive-by download or a drive-by install.

Just looking at a website, which ought to be harmless, or opening an app that relies on web-based content for any of its pages (for example its splash screen or its help system), could be enough to infect your device.”

Full story: https://nakedsecurity.sophos.com/2023/02/14/apple-fixes-zero-day-spyware-implant-bug-patch-now/