Apple on Monday issued emergency software updates to address a security vulnerability after researchers detected a flaw that could allow hackers to directly access and manipulate iPhones and other Apple devices without any user interaction.
Apple’s security team has been working nonstop to develop a fix since Tuesday, after researchers at Citizen Lab, a cybersecurity watchdog organization at the University of Toronto, discovered that a Saudi activist’s iPhone had been infected with spyware, The New York Times reported.
Citizen Lab researchers told The Associated Press that they had the highest confidence that the world’s most infamous hacker-for-hire firm, Israel’s NSO Group, was behind that attack.
NSO Group responded with a one-sentence statement saying it will continue providing tools for fighting “terror and crime.”
In a blog post citing Citizen Lab, Apple stated that it was aware of the high-profile incident and was immediately issuing a security update for iPhones and iPads because a “maliciously crafted” PDF file could lead to them being hacked. Meanwhile, an Apple spokesman confirmed Citizen Lab’s assessment to the Times and said that the company planned to add spyware barriers to its next iOS 15 software update, expected before the end of 2021.
Dubbed “Pegasus,” the spyware was used to invisibly infect an Apple device without the victim’s knowledge for as long as six months, the Times reported.
“This spyware can do everything an iPhone user can do on their device and more,” John Scott-Railton, a senior researcher at Citizen Lab, told the newspaper.
According to the Times, the novel “zero click remote exploit” is considered the “Holy Grail of surveillance” because it allows governments, mercenaries and criminals to covertly hack a victim’s device.
The vulnerability reportedly affected all major Apple devices, including iPhones, Macs and Apple Watches, but security experts told the AP that average Apple users should remain calm because such attacks typically target specific marks. Likewise, Apple’s security chief, Ivan Krstić, reiterated that such exploits “are not a threat to the overwhelming majority of our users.”
Citizen Lab researchers first detected the malicious code on Sept. 7 and alerted Apple, but the targeted Saudi activist asked to remain anonymous.
“We’re not necessarily attributing this attack to the Saudi government,” Bill Marczak, a senior research fellow at Citizen Lab who partnered with Scott-Railton on the finding, told the AP.
Specifically, malicious image files were transmitted to the activist’s phone via the iMessage instant-messaging app before it was hacked with NSO’s Pegasus spyware, which opens a phone to eavesdropping and remote data theft, Marczak said.
Users should get alerts on their iPhones prompting them to update the phone’s iOS software and can go into the phone settings, click “General” then “Software Update,” and trigger the patch update directly.
-- The Associated Press contributed to this report.