iPhone update: Apple releases urgent software update to address critical spyware vulnerability

Researchers from the Citizen Lab at the University of Toronto said the exploit had been in use since February and was used to deploy Pegasus, the spyware made by Israeli company NSO Group that was allegedly used to monitor journalists and human rights defenders in several countries.

The urgent update that Apple (AAPL) released on Monday closes a hole in iMessage software that allowed hackers to infiltrate a user’s phone without the user clicking on any links, according to Citizen Lab. The Saudi activist chose to remain anonymous, Citizen Lab said.

Apple credited Citizen Lab researchers for finding the vulnerability.

“Attacks like the ones described are very sophisticated, cost millions of dollars to develop, often have a short lifespan, and are used to target specific individuals,” said Ivan Krstić, head of Apple Security Engineering and Architecture, in a statement.

Krstić said Apple quickly fixed the issue with a software patch and the vulnerability was “not a threat to the overwhelming majority of our users.”

Still, security experts have encouraged users to update their mobile devices to protect themselves.

In a statement, NSO Group did not respond to the allegations, stating only, “NSO Group will continue to provide intelligence and law enforcement agencies around the world with vital technologies to fight terrorism and crime.”

The company has previously said its software is only sold to approved customers for counter-terrorism and law enforcement purposes.

The researchers, however, say they have found several instances in which the spyware was deployed on dissidents or journalists. In 2019, Citizen Lab analysts alleged that Pegasus was used on the cellphone of the wife of a murdered Mexican journalist.

In a lawsuit filed in 2019, Facebook accused the NSO Group of being complicit in the hacking of 1,400 mobile devices using WhatsApp. (NSO Group disputed the claims at the time.)

The proliferation of easy-to-use mobile hacking tools has given governments around the world a stealthy new way to target adversaries. Sophisticated spyware made by NSO Group and other vendors was allegedly used from Uzbekistan to Morocco.

The resurgence of spyware in August prompted a group of United Nations human rights experts to ask for a moratorium on the sale of such monitoring tools. The UN panel said the ban should remain in place until governments have “put in place strong regulations that ensure its use in accordance with international human rights standards.”