Apple Security Update Closes Spyware Flaw on iPhones and Macs

Apple released emergency software updates for a critical vulnerability in its products Monday after security researchers uncovered a flaw that allowed highly invasive spyware from Israel’s NSO Group to infect anyone’s iPhone, Apple Watch or Mac computer without even one click.

Apple’s security team has been working around the clock to develop a fix since Tuesday, after researchers at Citizen Lab, a cybersecurity watchdog at the University of Toronto, discovered that a Saudi activist’s iPhone was infected with spyware from the NSO Group.

The spyware, called Pegasus, used a new method to invisibly infect an Apple device for six months without the victim’s knowledge. Known as a “zero-click remote exploit,” the method is considered the Holy Grail of surveillance, as it allows governments, mercenaries, and criminals to sneak into a victim’s device without alerting the victim.

Using the zero-click infection method, Pegasus can turn on a user’s camera and microphone, record messages, texts, emails and calls, even those sent via encrypted messaging and phone apps like Signal, and send them back to NSO’s clients in governments around the world.

“This spyware can do everything an iPhone user can do on their device and more,” said John Scott-Railton, senior researcher at Citizen Lab, who met with Bill Marczak, a senior research fellow at Citizen Lab.

In the past, victims learned that their device was infected with spyware only after receiving a suspicious link sent to their phone or email. But NSO Group’s zero-click capability gives the victim no such prompt and gives full access to a person’s digital life. These capabilities can bring in millions of dollars in the underground market for hacking tools.

An Apple spokesperson confirmed Citizen Lab’s assessment and said that the company plans to add spyware barriers to the next iOS 15 software update, which is expected this year.

NSO Group did not immediately respond to questions on Monday.

NSO Group has long caused controversy. The company said it only sells its spyware to governments that meet strict human rights standards. But in the last six years, Pegasus spyware has been on the phones of activists, dissidents, lawyers, doctors, nutritionists and even children in countries like Saudi Arabia, the United Arab Emirates and Mexico.

In July, NSO Group came under intense media scrutiny after human rights watchdog Amnesty International and Forbidden Stories, a group focused on freedom of expression, collaborated with a consortium of media outlets on the “Pegasus Project” to publish a list they say includes nearly 50,000 people, including hundreds of journalists, government leaders, dissidents and activists, who have been targeted by NSO’s clients.

The consortium did not disclose how it obtained the list, and it was unclear whether the list was merely aspirational or whether people were actually being targeted with NSO spyware.

Among those listed were Azam Ahmed, a former New York Times Mexico City bureau chief who has reported widely on corruption, violence, and surveillance in Latin America, including on NSO itself; and Ben Hubbard, The Times bureau chief in Beirut, Lebanon, who recently wrote an article investigating rights abuses and corruption in Saudi Arabia and a biography of Saudi Crown Prince Mohammed bin Salman.

Shalev Hulio, co-founder of NSO Group, vehemently denied the accuracy of the list, telling The Times, “It’s like opening the white pages, picking the 50,000 number and drawing a conclusion from it.”

NSO’s clients have previously infected their targets using text messages that persuaded victims to click on a link. Those links made it possible for journalists to investigate the possible presence of NSO’s spyware. But the new zero-click method makes it much harder for journalists and cybersecurity researchers to discover the spyware.

“The commercial spyware industry is getting darker,” said Citizen Lab researcher Mr. Marczak, who helped uncover the exploit on a Saudi activist’s phone.

Mr. Scott-Railton urged Apple customers to run software updates.

“Do you have an Apple product? Update today.”
