Apple Releases Emergency Software Update After Pegasus Spyware Attack
Introduction
Apple Inc. has taken swift action after being alerted about a major security vulnerability in its iOS code. The previously unknown vulnerability allowed the Israeli group NSO to remotely inject its Pegasus spyware onto iPhones and iPads. In response, Apple has released an emergency software update to fix the vulnerability and protect its users from potential surveillance and privacy breaches.
The Pegasus Spyware Attack
The vulnerability, known as zero-day, enabled NSO to hide code within images sent via iMessage. This code allowed the Pegasus spyware to take control of a phone’s functions, including reading encrypted messages, turning on the camera and microphone remotely, and tracking the phone’s location. Pegasus has been linked to human rights abuses in various countries, leading to the blacklisting of the Israeli company by the US Department of Commerce.
Impact on Apple Wallet
In addition to the iOS code vulnerability, Apple also discovered a separate weakness that affected the Apple Wallet, where users store their payment cards. While Apple has fixed both vulnerabilities with the emergency software update, the company has not provided further details about the specific fixes.
The Cat-and-Mouse Game Between Technology Companies and Spyware Makers
This emergency software update is just one of many that Apple has released in recent years. It reflects the ongoing cat-and-mouse game between major U.S. technology companies and spyware makers, many of whom are based in Israel. These spyware makers exploit unknown vulnerabilities in smartphones and market them to government agencies as surveillance tools. Apple and other companies constantly strive to find and patch these vulnerabilities to protect their users’ privacy.
The NSO Controversy
The Israeli company NSO has faced numerous controversies and legal challenges due to its spyware. While NSO claims its product is intended to monitor potential terrorists and fight organized crime, its software has been found on the phones of dissidents, journalists, lawyers, and opposition leaders in countries with poor human rights records. The discovery of the latest vulnerability highlights how NSO continues to find rare weaknesses in sophisticated operating systems.
The Lawsuit and NSO’s Position
In 2019, NSO’s hack of the WhatsApp messaging platform led to a lawsuit by WhatsApp owner Meta, joined by Apple, Amazon, and other tech giants. NSO argues that its actions should be immune from legal scrutiny because its software is used by sovereign nations and the company has no visibility into the targets. The lawsuit is still ongoing, but NSO’s controversial actions have led to the company being closely scrutinized.
New Hacking Incidents and the Targets
In recent weeks, several individuals, including a UK-based political journalist, have received notifications from Apple that their phones were hacked by “state actors.” The exact source of these attacks is not yet clear, whether it was NSO or another spyware provider. The targeted individuals are likely being monitored due to their roles or activities.
Closing Thoughts
Apple’s emergency software update is a testament to the company’s commitment to protecting its users’ privacy. The ongoing battle between technology companies and spyware makers highlights the need for constant vigilance in the ever-evolving digital landscape. As users, it is essential to stay informed about security threats and regularly update our devices to ensure maximum protection.
Summary
Apple Inc. has released an emergency software update to address a zero-day vulnerability that allowed the NSO group to remotely inject its Pegasus spyware onto iPhones and iPads. The update not only fixes the iOS code vulnerability but also addresses a separate vulnerability affecting the Apple Wallet. These actions by Apple aim to protect users from potential surveillance and privacy breaches. The update is part of a continuous effort by major technology companies to stay one step ahead of spyware makers who exploit unknown vulnerabilities in smartphones. The ongoing controversies surrounding NSO and its use of spyware highlight the need for increased cybersecurity measures. As users, it is crucial to stay informed about security threats and ensure our devices are regularly updated for optimal protection.
—————————————————-
| Article | Link |
|---|---|
| UK Artful Impressions | Premiere Etsy Store |
| Sponsored Content | View |
| 90’s Rock Band Review | View |
| Ted Lasso’s MacBook Guide | View |
| Nature’s Secret to More Energy | View |
| Ancient Recipe for Weight Loss | View |
| MacBook Air i3 vs i5 | View |
| You Need a VPN in 2023 – Liberty Shield | View |
Get free updates from Apple Inc
We will send you a myFT Daily collection email with the list of the latest news the Apple company news every morning.
Apple has released an emergency software update after being alerted that a previously unknown vulnerability allowed Israeli group NSO to remotely and covertly inject its Pegasus spyware onto iPhones and iPads.
The weakness in the iOS code, called zero-day, appears to have allowed it NSO extension customers, including Saudi Arabia, Rwanda and Mexico, to hide code within images sent via iMessage that would allow the Pegasus military-grade spyware to take control of a phone’s functions.
Pegasus can covertly read encrypted messages stored on your phone, turn on your camera and microphone remotely, and continuously track your phone’s location, and has been linked to human rights abuses from Mexico to East Africa, resulting that the Israeli company was blacklisted by the US Department of Commerce.
The patch also fixes a vulnerability that affected the Apple Wallet, where people store payment cards, the company said in a brief statement Thursday evening without providing further details as it rolled out the update to billions of phones.
This latest patch, among many Apple has published in recent years, a cat-and-mouse game continues between major U.S. technology companies and spyware makers, many of them based in Israel, who weaponize and then market unknown vulnerabilities in smartphones so that their clients, who tend to be government agencies, can surveil thousands of targets without being detected.
NSO said: “We are unable to respond to any allegations that do not include any supporting research.”
Although NSO has maintained that its product is only intended to monitor potential terrorists and fight organized crime, this vulnerability was discovered by the University of Toronto’s Citizen Lab, which said it found it on the phone of a Washington-based employee , DC. of a “civil society” organization with international offices.
Citizen Lab has previously tracked spyware on the phones of hundreds of dissidents, journalists, lawyers and opposition leaders in countries with poor human rights records. The current breach would have been stopped if those at risk of government surveillance had allowed it Lockout mode on their iPhones, which severely limits some functions, including message attachments and incoming FaceTime calls from unknown numbers, Citizen Lab said.
“Apple has become much more aggressive in finding (vulnerabilities) and patching, and has also done an amazing job with Lockdown Mode,” said John Scott-Railton, senior researcher at the watchdog. “This puts substantial pressure on the mercenary spyware ecosystem and companies like NSO.”
The US government blacklisting was prompted by the discovery of Pegasus on the phones of US Embassy employees in Uganda, leading to spyware like NSO’s being listed as a major counterintelligence and national security threat to the government American.
The discovery of the latest vulnerability highlights how NSO continues to find rare weaknesses in some of the sophisticated operating systems, despite serious financial problems resulting from the sanctions imposed by the US government against it.
Made up almost entirely of veterans of the Israeli army’s elite signals intelligence units, the company was once valued at $1 billion by its London-based private equity backers, Novalpina Capital.
But a 2019 hack designed by NSO to inject its spyware using a vulnerability in the ubiquitous messaging platform WhatsApp, led to a lawsuit in a California court by WhatsApp owner Meta, joined by Apple, Amazon and other tech giants.
In that lawsuit, which is still ongoing, NSO argued that its actions should be immune from legal scrutiny because its software is used by sovereign nations and the company has no visibility into who the targets are.
In recent weeks, at least three other people, including a UK-based political journalist from the Daily Mail, have received notifications from Apple that their phones had been hacked by “state actors”. It is not yet clear whether these attacks came from NSO’s systems or those of its competitors.
“These attackers are likely targeting you individually because of who you are or what you do,” the notification read.
—————————————————-