Internet security watchdog group Citizen Lab said last week, an Israeli spyware company named NSO Group developed a tool to break into Apple products with a never-before-seen technique that defeats security systems designed by Apple in recent years.
The spyware, named Pegasus, used a method to inconspicuously infect Apple devices without being detected by the victims. In the past, we could only learn that our devices were infected by spyware only after receiving a suspicious link texted to our phone or email. But NSO’s zero click remote exploit meant victims received no such warning, and the flaw enabled full access to a person’s digital life. It is considered the Holy Grail of surveillance because it allows governments, lawbreakers and mercenaries to invisibly break into someone’s device without tipping the victim off.
The discovery of this infection means that since March, more than 1.65 billion Apple products in use worldwide have been at risk to NSO’s spyware. Apple’s security team had worked around the clock to develop a fix. Ivan Krstić, Apple’s head of security engineering and architecture, commended Citizen Lab for its findings and urged customers to run the latest software updates for the fixes to take effect, by installing iOS 14.8, MacOS 11.6 and WatchOS 7.6.2.
Later this year, plans to introduce new security defenses for Apple’s texting application iMessage in its next iOS 15 software update, are expected.
On the other hand, NSO did not immediately respond to inquiries.