Apple issues urgent software update for all iPhone, iPad and Mac users to fix security flaw discovered by researchers.
Apple has released a critical software patch to fix a major security vulnerability after researchers discovered that spyware could enter the phone and then exploit it to hack directly into iPhones and other Apple devices without so much as a click from the user.
Researchers at the University of Toronto’s Citizen Lab said they found malicious image files being transmitted to the phone of a Saudi activist, who wished to remain anonymous, via the iMessage instant-messaging app.
They then discovered that the device was then hacked by the Pegasus spyware developed by Israel’s NSO Group, they alleged.
Calling the iMessage exploit Forcedentry, Citizen Lab said that the security vulnerability makes the phones susceptible to eavesdropping and remote data theft, and that it applied to all Apple devices. Forensics revealed that the Saudi activist’s phone had been infected back in March this year, adding that the malicious files caused the phone to crash.
The vulnerability was found in the activist’s iPhone on 7 September, following which Citizen Lab said it immediately alerted Apple. The NSO group licenses its Pegasus spyware tool to government agencies and police forces to investigate criminal activity, but Citizen Lab researcher Bill Marczak said: “We’re not necessarily attributing this attack to the Saudi government.”
Issuing a statement, the NSO Group said that it will continue providing tools for fighting “terror and crime”.
Called a “zero-click” exploit, Pegasus does not require users to click on any suspected link or open infected files and is considered the pinnacle in surveillance technology, as it allows hackers to break into a person’s phone without alerting the victim.
Apple, in a blog post, said that it was issuing a security update for iPhones and iPads because a “maliciously crafted” PDF file could lead to hacking. Apple security chief Ivan Krstic also issued a statement saying that “after identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users”.
Krstic added that in the past, such exploits typically cost millions of dollars to develop and often have a short shelf life.
Though it is unclear at the moment how many Apple users might have been attacked using this vulnerability, Mr Krstic said such exploits “are not a threat to the overwhelming majority of our users”.
Thank you for taking the time to read this article, do remember to come back and check The Euro Weekly News website for all your up-to-date local and international news stories and remember, you can also follow us on Facebook and Instagram.