• Wednesday, Oct 27, 2021
  • Last Update : 06:52 pm

Apple issues fix for flaw linked to Pegasus spyware

  • Published at 10:03 am September 14th, 2021
Apple
File photo: A 3D printed Apple logo is seen in front of a displayed cyber code in this illustration taken March 22, 201 Reuters


Researchers at Citizen Lab found the problem while analyzing a Saudi activist's phone that had been compromised with the code

Apple released a fix Monday for a weakness that can let the spyware at the heart of the Pegasus scandal infect devices without users even clicking on a malicious message or link.

The Pegasus software from Israeli firm NSO Group has been under intense scrutiny since an international media investigation claimed it was used to spy on the phones of human rights activists, journalists and even heads of state.

Researchers at Citizen Lab, a cybersecurity watchdog organization in Canada, found the problem while analyzing a Saudi activist's phone that had been compromised with the code.

"We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware," Citizen Lab wrote in a post.

In March, Citizen Lab examined the activist's phone and determined it was hacked with Pegasus spyware introduced via iMessage texting and that it did not even require the phone's user to so much as click.

Hours after releasing the fix, Apple said it had "rapidly" developed the update following Citizen Lab's discovery of the problem.

"Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals," the company said.


Also Read - Apple loosens App Store payment rules for Netflix, Amazon and others


NSO did not dispute Pegasus had prompted the urgent software upgrade, and said in a statement that it would "continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime."

No click needed 

Pegasus has evolved to become more effective since it was uncovered by Citizen Lab and cyber security firm Lookout five years ago.

Pegasus can be deployed as a "zero-click exploit," meaning that the spyware can install itself without the victim even clicking a booby-trapped link or file, according to Lookout senior manager Hank Schless.

"Many apps will automatically create a preview or cache of links in order to improve the user experience," Schless said.

"Pegasus takes advantage of this functionality to silently infect the device."

UN experts recently called for an international moratorium on the sale of surveillance technology until regulations are implemented to protect human rights following an Israeli spyware scandal.

An international media investigation reported in July that several governments used the Pegasus malware, created by NSO Group, to spy on activists, journalists and politicians. 

Pegasus can switch on a phone's camera or microphone and harvest its data.

"It is highly dangerous and irresponsible to allow the surveillance technology and trade sector to operate as a human rights-free zone," the UN human rights experts said in a statement at the time.

The statement was signed by three special rapporteurs on rights and a working group on the issue of human rights and transnational corporations and other businesses.

Israel's defense establishment has set up a committee to review NSO's business, including the process through which export licences are granted.

NSO insists its software is intended for use only in fighting terrorism and other crimes, and says it exports to 45 countries.


50
Facebook 50
blogger sharing button blogger
buffer sharing button buffer
diaspora sharing button diaspora
digg sharing button digg
douban sharing button douban
email sharing button email
evernote sharing button evernote
flipboard sharing button flipboard
pocket sharing button getpocket
github sharing button github
gmail sharing button gmail
googlebookmarks sharing button googlebookmarks
hackernews sharing button hackernews
instapaper sharing button instapaper
line sharing button line
linkedin sharing button linkedin
livejournal sharing button livejournal
mailru sharing button mailru
medium sharing button medium
meneame sharing button meneame
messenger sharing button messenger
odnoklassniki sharing button odnoklassniki
pinterest sharing button pinterest
print sharing button print
qzone sharing button qzone
reddit sharing button reddit
refind sharing button refind
renren sharing button renren
skype sharing button skype
snapchat sharing button snapchat
surfingbird sharing button surfingbird
telegram sharing button telegram
tumblr sharing button tumblr
twitter sharing button twitter
vk sharing button vk
wechat sharing button wechat
weibo sharing button weibo
whatsapp sharing button whatsapp
wordpress sharing button wordpress
xing sharing button xing
yahoomail sharing button yahoomail