Apple Issues Emergency Security Updates to Close a Spyware Flaw

Apple on Monday issued emergency software updates for a critical vulnerability in its products after security researchers uncovered a flaw that allows highly invasive spyware from Israel’s NSO Group to infect anyone’s iPhone, iWatch or Mac computer without so much as a click.

Apple’s security team has been working around the clock to develop a fix since Tuesday, after researchers at Citizen Lab, a cybersecurity watchdog organization at the University of Toronto, discovered that a Saudi activist’s iPhone had been infected with spyware from NSO Group.

The spyware, called Pegasus, used a novel method to invisibly infect an Apple device without the victim’s knowledge for as long as six months. Known as a “zero click remote exploit,” it is considered the Holy Grail of surveillance because it allows governments, mercenaries and criminals to secretly break into a victim’s device without tipping them off.

Using the zero-click infection method, Pegasus can turn on a user’s camera and microphone, record their messages, texts, emails, calls — even those sent via encrypted messaging and phone apps like Signal — and send it back to NSO’s clients at governments around the world.

“This spyware can do everything an iPhone user can do on their device and more,” said John Scott-Railton, a senior researcher at Citizen Lab, who teamed up with Bill Marczak, a senior research fellow at Citizen Lab, on the finding.

In the past, victims only learned their devices were infected by spyware after receiving a suspicious link texted to their phone or email. But NSO Group’s zero-click capability gives the victim no such prompt, and enables full access to a person’s digital life. These capabilities can fetch millions of dollars on the underground market for hacking tools.

An Apple spokesman confirmed Citizen Lab’s assessment and said the company planned to add spyware barriers to its next iOS 15 software update, expected later this year.

NSO Group did not immediately respond to inquiries on Monday.

NSO Group has long drawn controversy. The company has said it sells its spyware to only governments that meet strict human rights standards. But over the past six years, its Pegasus spyware has turned up on the phones of activists, dissidents, lawyers, doctors, nutritionists and even children in countries like Saudi Arabia, the United Arab Emirates and Mexico.

In July, NSO Group became the subject of intense media scrutiny after Amnesty International, the human rights watchdog, and Forbidden Stories, a group that focuses on free speech, teamed up with a consortium of media organizations on “The Pegasus Project” to publish a list they said contained some 50,000 people — including hundreds of journalists, government leaders, dissidents and activists — selected as targets by NSO’s clients.

The consortium did not disclose how it obtained the list and it was unclear whether the list was aspirational or whether the people were actually targeted with NSO spyware.

Among those listed were Azam Ahmed, a former New York Times Mexico City bureau chief who has reported widely on corruption, violence and surveillance in Latin America, including on NSO itself; and Ben Hubbard, The Times’s bureau chief in Beirut, who has investigated rights abuses and corruption in Saudi Arabia and wrote a recent biography of the Saudi crown prince, Mohammed bin Salman.

Shalev Hulio, a co-founder of NSO Group, vehemently denied the list’s accuracy, telling The Times, “This is like opening up the white pages, choosing 50,000 numbers and drawing some conclusion from it.”

NSO’s clients previously infected their targets using text messages that cajoled victims into clicking on a link. Those links made it possible for journalists to investigate the possible presence of NSO’s spyware. But the new zero-click method makes the discovery of spyware by journalists and cybersecurity researchers much harder.

“The commercial spyware industry is going darker,” said Mr. Marczak, a researcher at Citizen Lab who helped uncover the exploit on a Saudi activist’s phone.

Mr. Scott-Railton urged Apple customers to run their software updates.

“Do you own an Apple product? Update it today,” he said.
