Urgent Apple iPhone software update issued to tackle critical spyware vulnerability detected by independent researchers who claim it is being exploited by notorious surveillance software to spy on a Saudi activist.
According to researchers from the University of Toronto’s Citizen Lab, the software exploit has been in use since February and used to deploy Pegasus spyware made by Israeli firm NSO Group. The spyware has allegedly been used to spy on journalists and human rights advocates in a number of countries.
Apple on Monday released the urgent Apple iPhone Software fix the flaws in its iMessage software. According to Citizen Lab, the vulnerability allowed bad actors to hack into the user’s phone without the user clicking any links.
Apple credited Citizen Lab for its findings. Ivan Krstić, head of Apple Security Engineering and Architecture, in a statement said, “Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.
He further added Apple will continue to address the issue with a software fix and the vulnerability is not a threat to the overwhelming majority of Apple users.
Security experts have urged users to update their mobile devices for protection. On the other hand, the NSO Group has denied allegations, the group said, “NSO Group will continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime.”
The group has already declared their software was sold to study clients for counterterrorism and law enforcement purposes.
Earlier in 2019, Citizen Lab alleged, Pegasus software was used on the mobile phone of the wife of a slain Mexican journalist.
Facebook filed a lawsuit in 2019, accusing the NSO Group of being complicit in a hack of 1,400 mobile devices using WhatsApp.
The ability to access easy-to-use mobile hacking tools has given tremendous power to governments across the world to target adversaries with a new and stealthy option.
Sophisticated spyware built by NSO Group and other vendors is widely used in countries such as Uzbekistan and Morocco.
To counter the rise of such spyware software the United Nations panel of human rights experts called for a moratorium on the sale of such surveillance tools in August. The UN panel was in the favour of putting a ban on the sale of such software until governments have robust regulations in place, which will guarantee its use in compliance with international human rights standards.
Cobalt Strike Beacon Linux and Windows Implementation Targets Organizations Worldwide
Latest SpookJS Attack Bypasses Google Chrome’s Site Isolation Protection
HAProxy – Vulnerable to Critical HTTP Request Smuggling Attacks