Photograph by Justin Sullivan — Getty Images

It's time to update.

By Don Reisinger
September 2, 2016

The same security flaw that could have allowed hackers to steal your iPhone data without you knowing it also exists on the Mac.

On Thursday, Apple released a patch for a security flaw that would allow hackers to exploit flaws in its OS X desktop operating system, install spyware on the computer, and steal all kinds of data. The flaws Apple AAPL patches are the same it fixed in iOS 9.3.5 last week.

In a security note, Apple was loath to say much, stipulating—as it does with all security updates—that it doesn’t “disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.”

However, the tech giant released patches to its desktop operating system that would have allowed hackers to find out where the kernel memory is stored in OS X Yosemite and OS X El Capitan, enabling them to run spyware with full administrator privileges.

Get Data Sheet, Fortune’s technology newsletter

In other words, anyone running a Mac should update their computers immediately.

The flaw was originally discovered last month after a human rights activist in the United Arab Emirates was targeted with a text message containing a link. Had Ahmed Mansoor, the activist, clicked the link, he could have given his hackers access to his operating system and allowed them to steal everything from phone call information to data he stored on his device. What’s worse, the spyware lives on undetected by the user and can uninstall itself once the hacker has obtained all the information he or she wants to collect.

Instead of clicking on the link, Mansoor sent the link to watchdog group Citizen Lab, which worked with security firm Lookout to identify the vulnerability. They reported that the tool the hackers were using is called Pegasus and was developed by a company that specializes in cyber weapons and sells those to governments for use against high-value targets.

After the two organizations identified the flaw and how it targeted both the iOS kernel and Apple’s own Safari browser, they informed the iPhone maker. Apple patched iOS 10 days later and those running iOS 9.3.5 are now believed to be safe from the hack.

However, it wasn’t clear whether the issue also affected Apple’s desktop operating system (which will soon be renamed to macOS) until Thursday, when Apple released the same patch and credited both Citizen Lab and Lookout for finding the flaw. Like the iOS version, which is believed to have been targeting devices for several years, the Mac version of the spyware is fully capable of stealing all user data.

For more about iPhone, watch:

Apple did not immediately respond to a request for comment on the patch.

SPONSORED FINANCIAL CONTENT

You May Like