Mac users vulnerable to state-sponsored Trident attack, fixed in iOS last week. Patch now

No excuses. Patch your Mac computers and Apple mobile devices.

Graham Cluley

Remember the critical security holes that Apple patched in iOS last week after a human rights activist had his iPhone targeted in a seemingly state-sponsored attack?

Ahmed Mansoor received two suspicious SMS messages on his iPhone, directing him to websites containing a zero-day iOS exploit. Researchers connected the attack to Israel-based firm NSO Group, and dubbed the vulnerabilities “Trident”.

Well, Apple has now quietly rolled out a further security update revealing that the zero-day flaws are also present in Apple’s OS X desktop operating system, as well as the desktop version of their OS X Safari browser.

My advice to Apple users? Make sure that your Macs, MacBooks, iPhones and iPads are up to date.

On OS X, the easiest way to update your computer is to open the App Store app on your Mac, then click Updates in the toolbar. If updates are available, click the Update buttons to download and install them.

On iOS, go to Settings > General > Software Update.

You may not be a human rights activist, but the fact that it took Apple *days* to issue a fix for OS X users after patching the same vulnerabilities in iOS has opened an opportunity for others to potentially exploit them against desktop users.

In an ideal world, Apple would have patched its mobile and desktop operating systems at the same time.

What we don’t know is whether Apple didn’t know the vulnerability was also present in OS X when it issued the iOS fixes, or whether it made the difficult decision to urgently update iOS even though its equivalent OS X fixes weren’t yet ready.
