Why did this take so long? The alternate thread pointing at the citizenlab report [1] says that "In March 2021, we examined... and determined that they had been hacked"

It's September. The NYTimes says: "Apple’s security team has been working around the clock to develop a fix since Tuesday, after researchers at Citizen Lab, a cybersecurity watchdog organization at the University of Toronto, discovered that a Saudi activist’s iPhone had been infected with spyware from NSO Group."

So has Apple been sitting on this since March, or has CitizenLab?

[1] https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage...

As the story clearly indicates, they re-examined backups and recently made a very valuable discovery that everyone should be extremely thankful for. And Apple turned around a worldwide patch for a billion plus devices in less than a week after being notified.

I'd rather the flaw wasn't there in the first place, but a remarkable effort by both parties given that it was there.

That's fair. I am appreciative. I was just shocked by the timeline but glad this was resolved

immediately after the bit you quote:

> Recent re-analysis of the backup yielded

Further down has the timeline of when Apple was informed and acted.

EDIT: and for completeness link to the mentioned other discussion, which makes this a dupe: https://news.ycombinator.com/item?id=28516095

Maybe the fearmongers are right, and we've truly reached a post-privacy world. Frankly, I don't know how else you'd describe it: your phone, smartwatch or computer can all be silently hacked without your knowledge (or any easy way to verify that you're infected). You can't visualize or control how your personal data is propagated, and the cherry on top is that it's all a laissez-faire exploit carnival. I don't know if it's fair to call Apple culpable here, but it is fair to say that your phone (and data) is at risk.

On a sidenote: If you would like to read this article without giving away your email address or signing in, activate the 'Reader' option in your browser.

Or disable JavaScript.

Or install the bypass news paywalls extension. https://github.com/iamadamdev?tab=repositories

Or go to your local newsstand, pick up a copy, and leave without paying for it.

It should be mandatory to notify people if they've been exploited when updating, also give better info on this incident no?

A normal smaller tech company is expected to create an advanced description of what happened. Apple doesn't give any info at all to regular users, no one i know has heard about this, not even seen a "very important to update" message, just a silent "update 11.6".

In my mind everyone with an Apple device should get a huge warning pop up on their screen with the text "everything on your computer has been potentially compromised - update now to remedy (for now at least)" in all caps.

iOS 14.8: https://support.apple.com/en-us/HT212807

macOS 11.6: https://support.apple.com/en-us/HT212804

I'm not seeing a software update on my iPhone?

If it's a managed device, the owning organization can block it. If it's a personal device you may have to dig into the settings to explicitly update it, or they're staggering the release.