That Really Scary iOS Security Flaw Also Affects Your Mac

Apple Overtakes Google As World's Most Valuable Brand
SAN FRANCISCO, CA - MAY 09: A customer types on a MacBook laptop at an Apple Store following an announcement that Apple has become the world's most valuable brand on May 9, 2011 in San Francisco, California. In a report released by London based Millward Brown, Apple Inc. has surpassed Google to claim the top spot in a global ranking of brand value this year with an estimated value of more than $153 billion up 84 percent from last year. (Photo by Justin Sullivan/Getty Images)
Photograph by Justin Sullivan — Getty Images

The same security flaw that could have allowed hackers to steal your iPhone data without you knowing it also exists on the Mac.

On Thursday, Apple released a patch for a security flaw that would allow hackers to exploit flaws in its OS X desktop operating system, install spyware on the computer, and steal all kinds of data. The flaws Apple (AAPL) patches are the same it fixed in iOS 9.3.5 last week.

In a security note, Apple was loath to say much, stipulating—as it does with all security updates—that it doesn’t “disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.”

However, the tech giant released patches to its desktop operating system that would have allowed hackers to find out where the kernel memory is stored in OS X Yosemite and OS X El Capitan, enabling them to run spyware with full administrator privileges.

Get Data Sheet, Fortune’s technology newsletter

In other words, anyone running a Mac should update their computers immediately.

The flaw was originally discovered last month after a human rights activist in the United Arab Emirates was targeted with a text message containing a link. Had Ahmed Mansoor, the activist, clicked the link, he could have given his hackers access to his operating system and allowed them to steal everything from phone call information to data he stored on his device. What’s worse, the spyware lives on undetected by the user and can uninstall itself once the hacker has obtained all the information he or she wants to collect.

Instead of clicking on the link, Mansoor sent the link to watchdog group Citizen Lab, which worked with security firm Lookout to identify the vulnerability. They reported that the tool the hackers were using is called Pegasus and was developed by a company that specializes in cyber weapons and sells those to governments for use against high-value targets.

After the two organizations identified the flaw and how it targeted both the iOS kernel and Apple’s own Safari browser, they informed the iPhone maker. Apple patched iOS 10 days later and those running iOS 9.3.5 are now believed to be safe from the hack.

However, it wasn’t clear whether the issue also affected Apple’s desktop operating system (which will soon be renamed to macOS) until Thursday, when Apple released the same patch and credited both Citizen Lab and Lookout for finding the flaw. Like the iOS version, which is believed to have been targeting devices for several years, the Mac version of the spyware is fully capable of stealing all user data.

For more about iPhone, watch:

Apple did not immediately respond to a request for comment on the patch.

Subscribe to Well Adjusted, our newsletter full of simple strategies to work smarter and live better, from the Fortune Well team. Sign up today.

Read More

Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward