Apple releases patches for zero-day vulnerability to block spyware

Apple users need to update their software immediately. Security experts discovered a flaw that allows highly intrusive spyware from Israel’s NSO Group to infect anyone’s iPhone, iPad, Apple Watch and Mac computer without the user so much as clicking on anything.

On 17th July, worldwide media organizations released an explosive report detailing how regimes and governments around the world were deploying spyware to spy on journalists and human rights activists.

Hackers were able to infiltrate a user’s phone without requiring any clicks due to a flaw in Apple’s iMessage software, which was fixed by an immediate update. The vulnerability was identified after a Saudi activist’s phone was spied on, according to Citizen Lab. Apple also responded to the threat, crediting Citizen Lab for discovering the flaw.

Even so, Ivan Krstic, Apple’s security chief, said in a statement that the vulnerability would pose no threat to the vast majority of its users. Krstic also described the spyware as “highly sophisticated” and designed to target specific people.

The spyware, known as Pegasus, infiltrated Apple devices quietly and without the victims’ knowledge. The method is known as a “zero click remote exploit” because it allows governments, mercenaries, and criminals to discreetly sneak into someone’s device without alerting the victim.

Using the zero-click infiltration approach, Pegasus can switch on a user’s camera and microphone, record messages, texts, emails, and phone calls (including those made via encrypted messaging and phone apps like Signal) and send them back to NSO’s clients at governments around the world.

The NSO Group claims that its software can be used by vetted countries engaged in counter-terrorism operations. However, many researchers have discovered that the spyware has been used to snoop on journalists and activists in several nations. Pegasus has the ability to turn the camera and microphone on or off, and even collect data, without the user’s awareness.

The repercussions of using spyware like this can be disastrous. In fact, the United Nations has called for an end to the use of such software until a framework can be put in place to bring it in line with international human rights regulations.