Apple issued an emergency update on September 13th due to a “zero click” security attack.
In a statement by Apple, they said, “After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users.”
This security vulnerability has been taking place since February and has been allowing an Israeli cybersecurity firm to infect iPhones using the messaging software. More than 1.65 billion Apple products have been vulnerable to the NSO’s spyware since around March.
Citizen Lab, a research group that studies cyberattacks, discovered the flaw. They identified this attack as a “zero click” attack. This means that there was no need for anyone to click on a link or open anything for their iPhone to be infected.
Apple is recommending that everyone update their devices as soon as possible. This patch is available on the iPhone, iPad, Mac, and Apple Watch software updates. This emergency updates came a day before a product launch event.
John Scott-Railton, who is a senior researcher for Citizen Lab, told Bloomberg, “What this highlights is that chat apps are the soft underbelly of device security. They are ubiquitous, which makes them really attractive, so they are an increasingly common target for attackers.”
New York Times quoted Railton, “This spyware can do everything that an iPhone user can do on their device and more.”
The spyware used for this attack is called Pegasus. Pegasus can activate the user’s camera and microphone and record other communications on that device. This stolen information is then sent to the NSO’s clients around the world.
The NSO Group has been under investigation by Citizen Lab for a while. They claim that this spyware is being used to fight terrorism, not to abuse human rights. This group has also been releasing different public works in an effort to mislead customers. These attacks are believed to be coming from Saudi Arabia and the United Arab Emirates.