By Isabel Van Brugen
Apple users are being encouraged to update their devices after researchers discovered a security flaw that could allow hackers to secretly install spyware without targets knowing.
The company on Monday released an emergency patch for the vulnerability that allowed advanced spyware to be installed on users’ Apple devices, including iPhones, iPads, Macs, and Apple Watches.
It comes after security researchers at Citizen Lab at the University of Toronto last month uncovered the security flaw that they believe has been used by government clients of Israeli spyware company NSO Group to secretly hack into devices since February.
The researchers were examining the phone of a Saudi activist when they discovered the exploit, and subsequently shared their findings with Apple.
According to Citizen Lab, researchers found that in some cases, NSO Group’s Pegasus malware infected targeted Apple devices without the users taking any action—what’s known as a zero-click vulnerability. The malware enables hackers to gather a target’s personal information, listen in on calls, and read messages.
According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), an attacker could exploit these vulnerabilities to take control of an affected device.
“CISA is aware of public reporting that these vulnerabilities may have been exploited in the wild,” it said.
The speed with which Apple was seeking to find a solution to its operating system’s vulnerability highlighted the “absolute seriousness” of the Citizen Lab’s findings, researchers said.
“Today is going to be a rough day at NSO because the lights are going to go out on one of their most productive exploits,” John Scott-Railton, a senior Citizen Lab researcher, told The Guardian.
NSO Group was the focus of recent reports by a media consortium that found the company’s spyware tool Pegasus was used in several instances of successful or attempted phone hacks of business executives, human rights activists, and others around the world.
Those investigations, based on leaked data obtained by the Paris-based journalism nonprofit Forbidden Stories and the human rights group Amnesty International, sparked widespread condemnation of the company.
In July, some 1,000 protesters in Hungary’s capital demanded answers to allegations that the country’s government used Pegasus to secretly monitor critical journalists, lawyers, and business figures. India’s parliament also erupted in protests as opposition lawmakers accused Prime Minister Narendra Modi’s government of using NSO Group’s product to spy on opponents and others.
The group in a statement to multiple news outlets didn’t address the allegations, but said it will “continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime.”
The Epoch Times has contacted NSO Group for additional comment.
Apple on Monday, without mentioning NSO Group, issued a patch seeking to fix the vulnerability.
“After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users,” Ivan Krstić, head of Apple Security Engineering and Architecture, told USA TODAY in a statement.
“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” Krstić added, noting that the exploit will not affect “the overwhelming majority of our users.”
Last month, human rights experts working with the United Nations called on countries to pause the sale and transfer of spyware and other surveillance technology until governments “put in place robust regulations that guarantee its use in compliance with international human rights standards.”
The Associated Press contributed to this report.