Apple has released a critical software patch to fix a major security vulnerability after researchers found that spyware could exploit it to hack directly into iPhones and other Apple devices, without the user having to click even once.
Researchers at the University of Toronto’s Citizen Lab said malicious image files were transmitted via the iMessage instant-messaging app to the phone of a Saudi worker who wants to remain anonymous. The device was then hacked by Pegasus spyware developed by Israel’s NSO Group, they alleged.
Calling the iMessage exploit FORCEDENTRY, Citizen Lab said the security vulnerability makes the phone more susceptible to eavesdropping and remote data theft, and that it applies to all Apple devices. Forensic analysis revealed that the worker’s phone had been infected back in March, and that the malicious files caused the phone to crash.
On September 7, the vulnerability was found in the activist’s iPhone, after which Citizen Lab said it immediately alerted Apple. The NSO Group licenses its Pegasus spyware tool to government agencies and police forces to investigate criminal activity, but Citizen Lab researcher Bill Marczak said: “We are not necessarily blaming the Saudi government for this attack.”
NSO Group has issued a statement saying it will continue to provide equipment to fight “terror and crime”.
As a “zero-click” exploit, Pegasus does not require users to click on any suspicious links or open infected files, and is considered the pinnacle of surveillance technology, as it allows hackers to break into a person’s phone without alerting the victim.
Apple said in a blog post that it is releasing a security update for iPhones and iPads because a “maliciously crafted” PDF file could lead to hacking. Apple security chief Ivan Krstić also issued a statement saying that “After identifying a vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users.”
In the past, such exploits usually cost millions of dollars to develop and often have a short shelf life, he said. While it is unclear at this time how many Apple users could have been attacked using this vulnerability, Mr Krstić said such exploits “do not pose a threat to the overwhelming majority of our users”.
Users should receive an alert on their iPhone prompting them to update the phone’s iOS software. The important update comes ahead of an Apple event on Tuesday where the tech firm was slated to unveil a new product.
Citizen Lab alleged that its findings undermine the Israeli firm’s claim that it sells software to law enforcement officers for use against criminals and terrorists and audits customers to ensure Pegasus is not misused.
“If Pegasus was only being used against criminals and terrorists, we would never have got this stuff,” Mr Marczak said.
Earlier in July, a global media association published a series of reports about the use of Pegasus to spy on journalists, activists, opposition leaders and political dissidents.
Reports have revealed that the phone of the fiancee of Washington Post journalist Jamal Khashoggi was infected with the software four days after he was killed at the Saudi consulate in Istanbul in 2018. The CIA blamed the Saudi government for the murder.
The revelation led to protests in Parliament against Indian Prime Minister Narendra Modi’s government for allegedly using spyware against political opponents. The government has so far neither accepted nor denied the allegations of espionage.
In Hungary, reports of espionage prompted an investigation against the right-wing government, while in France the government is also trying to investigate allegations that an unnamed Moroccan security service used Pegasus to target President Emmanuel Macron and members of his government in 2019. Morocco, a French ally, has denied the allegations.
Additional reporting from agencies
Credit: www.independent.co.uk