Apple releases emergency update to address spyware vulnerabilities

Apple releases emergency update to address spyware vulnerabilities

Points Highlighted:

  • “We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware,” wrote the researchers, who said they believed the exploit has been in use since at least February 2021.  

  • As outlined in a blog post published Monday, cyber experts at the interdisciplinary Citizen Lab discovered a zero-day, zero-click exploit against iMessage while analyzing the phone of an anonymous Saudi activist.   

“Ubiquitous chat apps have become a major target for the most sophisticated threat actors, including nation state espionage operations and the mercenary spyware companies that service them,” they added.  

WHY IT MATTERS  

“We urge readers to immediately update all Apple devices,” said the researchers.  

As The New York Times explained in its reporting about the incident, the Pegasus spyware can turn on a user’s camera and microphone and record messages, texts, emails and calls.

The zero-click capability allows such spyware to be installed without the user taking any action, such as clicking a link.  

According to Citizen Lab, the exploit targets Apple’s image rendering library and has been effective against Apple iOS, MacOS and WatchOS devices.  

Apple’s software update, released Monday, said, “Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.”   “After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix,” said a press statement by Ivan Krstić, head of Apple security engineering and architecture.

“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data,” Krstić added.   Pegasus spyware, sold by the NSO Group, has been discovered on the phones of activists, lawyers, journalists, doctors and children in Mexico, the United Arab Emirates and Saudi Arabia.  

The company said in a statement to the Washington Post that it “will continue to provide intelligence and law enforcement agencies around the world with lifesaving technologies to fight terror and crime.”   THE LARGER TREND  

Although ransomware has tended to pose a more prominent threat to hospitals and health systems, spyware certainly carries its own dangers.   As experts recently noted at HIMSS21, the rise of state-licensed spyware, such as that sold by NSO Group, poses concerns.  

“It’s just getting worse and worse,” said Brian Cady, director of information security architecture at Providence St. Joseph Health.   ON THE RECORD  

We will be happy to hear your thoughts

      Leave a reply

      For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

      I agree to these terms.

      Tech Reviews, News and Guides | Techgadgetguides.com
      Logo