Apple releases emergency security updates for vulnerability facilitating spyware
Apple issued a set of emergency security updates after a vulnerability was identified, which allowed the NSO Group of Israel to use spyware to infect Apple products.
The vulnerability was discovered by Citizen Lab researchers. It is applied to Apple iOS, MacOS, and WatchOS products. The researchers called it zero-day zero-click exploit, aimed against iMessage.
Apple issued updates for each of the products, and it notified in the update that it was aware of a report stating that this flaw may have been exploited. The New York Times was the first one to report the vulnerability.
Researchers at Citizen Lab identified the vulnerability while analyzing the Saudi Arabian activist’s phone that was known to be infected with a spyware program by the NSO group. The flaw targeted the Apple image rendering library, allowing the Group to remotely exploit the devices under target.
John Scott-Railton, Citizen Lab’s senior researcher, stated that the spyware had the ability to do everything and more than an iPhone user can do on their device.
Ivan Krstić, Apple’s head of Security Engineering and Architecture, said in a statement that Apple had immediately made the security updates as soon as the vulnerability was identified.
Krstić also commended Citizen Lab for obtaining a sample of this exploit, helping them to develop the fix immediately. He further pointed out that such Attacks are highly sophisticated, are costly, have a short shelf life, and are used to victimize specific individuals.
Krstić added that this means they are not a threat to the majority of the users, but still, Apple works to defend them all, and it works day in and day out to add protections to their data and devices.
This incident is not the first time the NSO group has come under the spotlight for accusations of human rights and abuses of privacy.
Last year too, Reuters reported that the FBI was exploring the use of NSO Group spyware hacking operations against U.S. citizens, organizations and foreign governments.
WhatsApp blamed the Group in 2019 for permitting its spyware to be used to target high-ranking officials by governments.
Citizen Lab researchers also emphasized on the fact that entities such as NSO Group were facilitating despotism-as-a-service as they sell their offerings to governments.