Security researchers have discovered a new exploit that allows infect iPhone, Mac and Apple Watch with Pegasus spyware. Apple recommends immediate update of devices with the new patch.
Apple urges all users to immediately update their devices with the new patch, after researchers found that the Israeli spyware company NSO Group has developed a way to Take control of almost every Mac, Apple Watch or iPhone with Pegasus spyware.
"It's totally scary"He said John Scott-Railton, Senior Researcher at The Citizen LabWhich recently discovered software exploit and notified Apple.
According to the researchers, the malware can control an Apple device by first sending a message via iMessage (the company's default messaging application). Subsequently, exploits an error in the way Apple processes images. It's a zero-click exploit and is extremely dangerous because it affects iPhones and other Apple devices without the need for any interaction from the victim (eg clicking a link or downloading a file).
Also, according to Scott-Railton, it is it is almost impossible for anyone to understand that their device has been compromised. It just sees a message, a GIF.
As is often the case with hacking by the NSO Group, the exploit that affects Apple's iPhone, Apple Watch and Mac it is probably only used on people targeted by the various governments that use the spyware software of the Israeli company.
The NSO Group creates surveillance and hacking software, which it lends to governments to spy on people's computers and smartphones. For years, it has insisted that its main product, the Pegasus spyware is a tool to stop terrorists and other criminals and that it provides technology only to legitimate governments, in accordance with their own laws. He also insists that spyware cannot be used to target American phones and that the company is recalling use by countries that misuse its products.
But the Citizen Lab, a cybersecurity research center at the University of Toronto, has repeatedly found Pegasus spyware in spy campaigns against journalists and dissidents.
In an e-mail statement, a spokesman for the Israeli company said: "NSO Group will continue to provide counterterrorism and crime technologies to intelligence and law enforcement services worldwide".
As mentioned above, Pegasus is mainly used by governments to track specific individuals. Citizen Lab was able to identify the new exploit that affects iPhone, Apple watch and Mac, by examining the phone of a Saudi dissident.
"In this case, it is quite clear that this person was targeted because he was an activist and not for any other reason", Said a researcher.
Apple released one yesterday patch to fix the vulnerability discovered by Citizen Lab. However, he did not provide technical details and said that "this issue may have been used".
Apple thanks investigators for updating the bug.
it's not the first time that Apple devices are affected by NSO Group spyware.
Updating to the latest iOS or MacOS version will protect users from this new hack.
Source: NBC News