Apple Issues Emergency Security Patch to Close a Spyware Flaw

Apple Inc. has issued an emergency security patch to block spyware used by Israel-based NSO Group that could infect iOS devices.

Apple rushed the release of iOS 14.8 and iPadOS 14.8 after being made aware that some security issues “may have been actively exploited.”

Security researchers at Citizen Lab reported on Sep. 13 that a security flaw in Apple’s devices gave hackers access to the phone of a Saudi activist using NSO’s Pegasus spyware.

A “maliciously crafted” PDF file can infect a device with the Pegasus spyware after being sent through iMessage even without being clicked — Citizen Lab called this a “zero-click exploit”.

“Apple’s iMessage is one of the most secure messaging apps in the world but clearly it had a dangerous weakness that a hacking team found and exploited,” wrote BBC cyber reporter Joe Tidy.

The Apple flaw was the latest zero-click exploit linked to the NSO Group with another found in WhatsApp in 2019, according to Citizen Lab.

The NSO Group maintained that their spyware was intended for counterterrorism efforts and not human rights abuse.

© Fourth Estate® — All Rights Reserved.
This material may not be published, broadcast, rewritten or redistributed.