Apple has launched an emergency software update to protect its users after new research found its products are vulnerable to attack from hackers without any user action.
On Monday, Citizen Lab, a Canadian internet security watchdog, had revealed it found malware said to have been developed by NSO Group, an Israeli surveillance firm, on the iPhone of an unnamed Saudi activist.
The researchers said the spyware — which may have infected the phone since February — was discovered on September 7 after which Apple was alerted.
They added that the malware identified as forcedentry, “targets Apple’s image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices.”
The researchers said the development makes it the first time “a zero-click exploit” would be discovered and analysed.
A zero-click exploit is software that allows an attacker to hack into the device without requiring the victim to click on anything.
This implies that the targeted persons have no chance of discovering that their phones have been compromised.
The researchers said the flaw affected all Apple’s operating systems.
“We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware. We believe that Forcedentry has been in use since at least February 2021,” the researchers said.
In a statement on Monday, Apple confirmed the vulnerability in its products as established by the study, saying the situation had been fixed.
“After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users,” Ivan Krstić, Apple’s head of security, engineering and architecture, was quoted as saying.
“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.
“While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”
According to Reuters, NSO kept mum on whether it was behind the development of the software in a statement.
The company, however, said it would “continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime.”
Copyright 2021 TheCable. All rights reserved. This material, and other digital content on this website, may not be reproduced, published, broadcast, rewritten or redistributed in whole or in part without prior express written permission from TheCable.
Follow us on twitter @Thecablestyle