Apple has recently released an update to its iPhone software to fix a critical vulnerability. According to reports, this vulnerability in iMessage has been exploited by NSO Group, an Israeli surveillance software firm.
The update is intended to fix the vulnerability, which researchers believe has been exploited by notorious surveillance software to spy on a Saudi activist.
As announced by researchers from the University of Toronto’s Citizen Lab, the software exploit has been in prominent use since February. It has been used to deploy the spyware called Pegasus, which is made by the Israeli firm NSO Group. This same spyware has been reported to be used for surveillance of journalists and human rights advocates in countries around the world.
To deal with the situation, Apple (AAPL) released an urgent update on Monday. With the new update, the company plugs a hole in the iMessage software. The hole apparently used to allow hackers to break into an iPhone owner’s device and infiltrate the phone without the user acting on any clickbait links.
According to Citizen Lab, it first found NSO Group’s spyware, called Pegasus, on a Saudi activist’s phone. After further research, the Lab realized that the hack targets Apple’s image rendering library. The researchers also noted that this new spyware is the first “zero-click” exploit to have been caught and analyzed.
Citizen Lab said that the Saudi activist has decided to remain anonymous. The attack, or the vulnerability, was detected by Citizen Lab in the first place. Ivan Krstić, head of Apple Security Engineering and Architecture, said in a statement, “Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.”
Krstić further clarified that the vulnerability is “not a threat to the overwhelming majority of our users.” This is also because the company managed to address the issue rapidly and provide a fix. Nonetheless, security experts still advise iPhone users to keep their mobile devices updated in order to stay protected from such malware.
Israeli software firm NSO Group, on the other hand, showed no interest in addressing the situation. When asked about the incident, NSO only stated, “NSO Group will continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime.”
NSO has also said previously that it sells its software only to “vetted” customers for the purposes of counterterrorism and law enforcement. Citizen Lab researcher Bill Marczak remarked that they never would have found such malware if the Pegasus software were made only for use against terrorism and criminals.
On the other hand, researchers have found multiple cases where the same spyware from the surveillance software company was deployed to monitor the actions of dissidents, politicians and journalists.
According to Apple, users do not need to worry, as this kind of malware is usually highly targeted. Still, people are asked to update their iPhone, iPad and Mac and to enable automatic software updates. Users should also consider running the update manually.
Speaking to the New York Times, John Scott-Railton, a researcher at Citizen Lab, said, “Do you own an Apple product? Update it today.”
He further emphasized the importance of securing chat apps to protect one’s device from such malware. Scott-Railton said that chat applications have become the easiest and most common route for such attacks by hackers. These apps can effortlessly give hackers access to devices across an entire nation. “And it’s why it’s so important that companies focus on making sure that they are as locked down as possible,” said John Scott-Railton.
Moreover, the Israeli software company NSO Group has a history of such attacks targeting multiple people and companies. Back in 2019, NSO was reported to have targeted WhatsApp by means of an NSO zero-click exploit. As a result, parent company Facebook sued NSO for targeting 1,400 of its WhatsApp users and exploiting them with the spyware.
The software company was again in the news in July 2021, when a report published by news agencies revealed how NSO’s clients had been spying on multiple journalists, human rights activists, and active politicians.
Moreover, the software company targets not only the intended people but their close relatives as well. In 2019, Citizen Lab reported that Pegasus was allegedly used on the mobile phone of the wife of a slain Mexican journalist.