Apple fixes a security flaw exploited by Pegasus, says report




Apple Inc. said it patched a security flaw in its Messages app after security researchers determined that Israel-based NSO Group used it to “exploit and infect” the latest devices with spyware.


The flaw, disclosed Monday by Citizen Lab, allowed a hacker using NSO’s Pegasus malware to gain access to a device owned by an unnamed Saudi activist, according to security researchers. Apple said the flaw could be exploited if a user on a vulnerable device received a “maliciously crafted” PDF file.


The flaw was a “zero-day” vulnerability, a term that refers to recently discovered bugs that hackers can exploit and that haven’t yet been patched. Victims didn’t have to click on the malicious file for it to infect their devices, something known as a “zero-click” exploit, according to a report released by Citizen Lab, a cyber-research unit of the University of Toronto.


“What this highlights is that chat apps are the soft underbelly of device security,” John Scott-Railton, senior researcher at Citizen Lab, said in a text message. “They are ubiquitous, which makes them really attractive, so they are an increasingly common target for attackers.


“They need to be a major priority for security,” he added. “Narrowing the attack surface from chat apps will go a long way toward making all of our devices more secure.”




Apple is patching the bug on the iPhone, iPad, Mac and Apple Watch via iOS 14.8, iPadOS 14.8, macOS 11.6 and watchOS 7.6.2 software updates. The software releases came the day before a highly anticipated Apple product launch event on Tuesday. The company is expected to announce the release date for iOS 15, Apple’s next major software update, which will contain additional security protections.


“After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users,” Ivan Krstić, head of security engineering and architecture at Apple, said in a statement. “We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly.”


Krstić added that attacks like this one are “highly sophisticated, cost millions of dollars to develop, often have a short shelf life and are used to target specific individuals.”


“While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data,” he said.


Apple shares were little changed in extended trading after closing at $149.55 in New York.


The NSO Group has been the subject of repeated criticism by Citizen Lab and other organizations after its spyware has been discovered on the phones of activists and journalists critical of repressive regimes. In its report Monday, Citizen Lab accused NSO Group of facilitating “despotism-as-a-service for unaccountable government security agencies” and argued that regulation is “desperately needed.”


NSO Group has insisted that the spyware is intended to be used to fight terrorism and crime, not to aid in human rights abuses.


In its own statement, NSO Group said the company “will continue to provide intelligence and law enforcement agencies around the world with life saving technologies.”


In June, the company published its first “Transparency and Responsibility Report,” which defended its technology and efforts to curb misuse by customers.


The White House has raised concerns about NSO Group with senior Israeli officials, the Washington Post reported.


In December, Citizen Lab reported that NSO spyware was used to target the devices of 36 Al Jazeera employees. Citizen Lab said that it believed the hacks were carried out on behalf of Saudi Arabia and the United Arab Emirates. The hack in 2020 is similar to the one disclosed Monday because it didn’t require the victim to click on a malicious link, meaning there is no way to defend against the hack. NSO Group denied the report.
