CIO Insider

CIOInsider India Magazine

Separator

Apple Releases Emergency Software Updates to Fix Spyware Flaw

Separator

After security researchers identified a flaw that allows highly invasive spyware from Israel’s NSO Group iPhone, iPad, Apple Watch or Mac computer without so much as a click, Apple rolls out emergency software updates for all its products.

These updates were carefully developed by a team upon knowing that researchers at CityLab, a cybersecurity watchdog organization at Toronto University, noticed that an advanced form of spyware from NSO had invaded a Saudi activist’s iPhone. This led to affecting most of Apple’s operating systems.

The spyware, known as Pegasus, infiltrated Apple devices quietly and without the victims' knowledge. The holy grail of surveillance is a ‘zero click remote exploit’, which allows governments, mercenaries, and criminals to discreetly sneak into someone's device without alerting the target.

According to the researchers, who discovered the malicious code earlier this month and immediately contacted Apple, it was the first time a so-called zero-click attack has been spotted and evaluated. They claimed to have high confidence that the attack was carried out by the Israeli corporation NSO Group, and that the activist who was targeted requested anonymity.

Since more than 1.65 billion Apple gadgets in use throughout the world have been vulnerable to NSO's malware in March. It heralds a significant uptick in the cybersecurity arms race, with governments eager to pay whatever it takes to mass-spy on digital communications, and tech companies, human rights groups, and others racing to find and repair the latest flaws that allow such surveillance.

Pegasus can switch on a user's camera and microphone, record messages, texts, emails, and phone calls, including those made via encrypted messaging and phone apps like Signal and send them back to NSO's clients at governments around the world using the zero-click infection approach.

“This spyware can do everything an iPhone user can do on their smartphone and more”, said John Scott-Railton, a Citizen Lab senior researcher who worked on the discovery alongside Bill Marczak, a Citizen Lab senior research fellow.

Despite the fact that security researchers say the typical iPhone, iPad, and Mac user need not have to worry about such attacks being highly targeted, the revelation has frightened security experts.

The activist's phone was hacked with NSO's Pegasus spyware, which allows for eavesdropping and remote data theft, according to Marczak. A malicious image file was sent to the activist's phone via the iMessage instant-messaging app before it was hacked with NSO's Pegasus spyware, which allows for eavesdropping and remote data theft. It was identified following a second check of the phone, which had been infected in March according to forensics.

Since more than 1.65 billion Apple gadgets in use throughout the world have been vulnerable to NSO's malware in March. It heralds a significant uptick in the cybersecurity arms race, with governments eager to pay whatever it takes to mass-spy on digital communications, and tech companies, human rights groups, and others racing to find and repair the latest flaws that allow such surveillance.

Current Issue
Extrieve Technologies: A One-Stop-Shop for Document Management Solutions