wordpress blog stats
Connect with us

Hi, what are you looking for?

Spyware flaw in Apple devices prompts emergency security updates from company

All Apple users were urged to immediately update their devices after the discovery of a flaw used to plant surveillance software.

Apple released an emergency security update on September 13 after researchers uncovered a vulnerability in iMessage last week that allowed Pegasus to infect iPhones, iPads, Apple Watches, and Macs, the New York Times has reported. Israel-based NSO Group was exploiting the flaw to install Pegasus on Apple devices in a ‘zero-click attack’, which doesn’t even require a single click from the targetted user, the report revealed.

Researchers at The Citizen Lab, University of Toronto, first spotted this vulnerability on September 7 through a Saudi activist’s iPhone, on which Pegasus had been installed on the a zero-click attack in February. The finding implies that more than 1.65 billion Apple products in use worldwide have been vulnerable to Pegasus spyware at least since March.

Apple routinely markets iOS as the more secure alternative to other operating systems like Android. But the latest versions of iOS released as recently as May this year remained vulnerable to NSO’s zero-click attack, according to Citizen Lab. The emergency update should stop Pegasus from infecting Apple devices in the future, but the vulnerability raises questions about the scale at which Pegasus spyware operates and the range of infected devices.

Apple users urged to update devices immediately

To fix the security flaw in Apple devices, the company has released iOS 14.8 and iPadOS 14.8, alongside WatchOS 7.6.2, MacOS Big Sur 11.6, and a security update for MacOS Catalina. In the release notes for iOS and iPadOS, the company mentions, “Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.”

The Citizen Lab urged Apple users to update their devices immediately. After the update was released, Apple’s head of security and engineering Ivan Krstić said in a statement:

Advertisement. Scroll to continue reading.

After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users … Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. – Ivan Krstić

How do zero-click attacks work and has NSO used them before?

A zero-click attack is the holy grail of surveillance since it can hack into a device without tipping off the user at all. Attempts at hacking typically require victims to click a suspicious link received via text or e-mail, but NSO’s zero-click attack requires no such action from the user. According to Citizen Lab, the attackers exploited a flaw in Apple’s image rendering library through iMessage.

Here are known zero-click attacks executed by the NSO Group in the past:

  • WhatsApp: In 2019, the NSO Group had exploited WhatsApp’s voice call feature to install spyware on targetted devices without even requiring users to pick up the call. According to WhatsApp, the hack was used to target 1,400 people in the two-week period when it was under observation.
  • iMessage: In 2020, a zero-click attack was used on iMessage to target 36 journalists at Al Jazeera, the Citizen Lab had found in December 2020. The researchers believe that the vulnerability was fixed by Apple in iOS 14.

Also read:

Have something to add? Post your comment and gift someone a MediaNama subscription.

Written By

Click to comment

You must be logged in to post a comment Login

Leave a Reply

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

News

In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...

News

By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

News

By Stella Joseph, Prakhil Mishra, and Yash Desai The Government of India circulated proposed amendments to the Consumer Protection (E-Commerce) Rules, 2020 (“E-Commerce Rules”) which...

News

By Rahul Rai and Shruti Aji Murali A little less than a year since their release, the Consumer Protection (E-commerce) Rules, 2020 is being amended....

You May Also Like

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ