Apple has closed a security hole that experts say could be used to spy on messages on iPhones and other devices. Researchers from the Citizen Lab organization said they discovered the vulnerability when scanning a Saudi activist’s phone. The device was infected with Israeli company NSO’s “Pegasus” monitoring software, writes Citizen Lab.
Apple responded on Monday and released a software update for iPhones and iPads that is believed to close the security gap. For the protection to take effect, users must install the update. Citizen Lab believes the vulnerability has been exploited since at least February 2021.
Attack with a prepared PDF file
The security vulnerability is a so-called zero-day vulnerability. This is the name for vulnerabilities that are known neither to the software vendor nor to the general public and can therefore be exploited covertly. Among others, intelligence services specifically seek them out and use them for espionage. These weak points are therefore considered particularly valuable and are generally used in a very targeted way against individual people.
According to Apple, the attackers sent a specially prepared PDF document that was automatically processed by the iMessage app and caused the spyware to be downloaded to the phone without the user noticing. Users did not have to click anything to become victims. The spyware company NSO has been known for years to be able to reliably crack the iPhone's messenger through holes like this. When Apple closes one hole, the next one is ready.
Apple reacted very quickly in this case. According to Citizen Lab, the company only discovered the vulnerability on September 7. An update is now available less than a week later. Users who are not afraid of being spied on by state authorities should also install it as soon as possible. Once a vulnerability is known, cybercriminals can also try to reproduce it and use it for their own ends.
NSO software is abused over and over again
According to Citizen Lab, file names that had also been used in previous attacks with the software indicate that the attacker in this case was in fact NSO with its Pegasus software. In addition, the program that was found had covered its tracks on the iPhone, but not completely: a mistake that had also occurred in previous attacks with Pegasus.
The Israeli manufacturer NSO repeatedly makes headlines over misuse of its software. In July, the Forbidden Stories journalist consortium, which also includes SZ, NDR, WDR and Die Zeit, reported numerous attacks on politicians, journalists and activists. In this case, NSO sent out its standard response again: Pegasus is “sold exclusively to law enforcement and secret services by verified governments for the sole purpose of saving lives by preventing crimes and acts of terrorism.”