The software can then listen in on your conversations or steal data from your computer. All of Apple’s operating systems are vulnerable, including those for iPads, Macs, and Apple Watches.
The “zero-click” hole allowed Pegasus malware from Israeli hacker-for-hire business NSO Group to infect the iPhone of a Saudi activist by sending an image file via iMessage, according to the Citizen Lab at the University of Toronto. The activist requested anonymity because he or she did not want to be identified.
“NSO Group will continue to supply life-saving technologies to intelligence and law enforcement organisations throughout the world in the fight against terror and crime,” according to NSO Group.
Government organisations and police forces use NSO Group’s Pegasus spyware programme to investigate significant crimes. It has also been used to target human rights activists, journalists, and political dissidents, according to Citizen Lab and Amnesty International publications.
On Monday, Apple released a patch to address the security weakness, but it made no mention of NSO Group.
“Apple quickly created and issued a remedy in iOS 14.8 to safeguard our users after detecting the vulnerability utilised by this attack for iMessage,” Ivan Krstić, head of Apple Security Engineering and Architecture, said in a statement to USA TODAY.
Citizen Lab was also credited with obtaining the exploit “so we could create this fix rapidly,” he said.
“Attacks like the ones described are extremely complex, cost millions of dollars to develop, have a short shelf life, and are used to target specific persons,” Krstić explained.
According to him, “the overwhelming majority of our users” will be unaffected by the security issue.
Although typical consumers are unlikely to be targeted by hackers, every Apple device is susceptible, and everyone should update.
iPhones and iPads should be updated to iOS 14.8, Macs to macOS 11.6, and Apple Watches to watchOS 7.6.2.