



Apple issued an emergency software update on Monday for a critical vulnerability in its products after security researchers discovered a flaw that allows highly invasive spyware from Israel’s NSO Group to infect iPhones, Apple Watches, and Mac computers without a single click.

Apple’s security team had been working around the clock on a patch since Tuesday, after researchers at Citizen Lab, a cybersecurity watchdog organization at the University of Toronto, discovered that a Saudi activist’s iPhone was infected with NSO Group spyware.

The spyware, called Pegasus, used a new method to invisibly infect Apple devices for six months without the victims’ knowledge. Known as a zero-click remote exploit, it is considered the holy grail of surveillance because it allows governments, mercenaries, and criminals to secretly break into a victim’s device without stealing it.

Using the zero-click infection method, Pegasus can turn on the user’s camera and microphone and record messages, texts, emails, and calls, even those sent via encrypted messaging and phone apps such as Signal, and send them back to NSO’s government clients around the world.

The spyware can do everything an iPhone user can do with their device, said John Scott-Railton, a senior researcher at Citizen Lab, who teamed up with Bill Marczak, a senior researcher at Citizen Lab.

Until now, victims learned that their devices were infected with spyware only after receiving a suspicious link in a text message or email. NSO Group’s zero-click capability, however, gives victims no such prompt and allows full access to their digital lives. Such capabilities can fetch millions of dollars on the underground market for hacking tools.

An Apple spokeswoman confirmed Citizen Lab’s assessment and said the company plans to add a spyware barrier to the next iOS 15 software update, scheduled for later this year.

NSO Group did not immediately respond to inquiries on Monday.

NSO Group has long been controversial. The company said it sells spyware only to governments that meet strict human rights standards. But over the last six years, the Pegasus spyware has appeared on the phones of activists, opponents, lawyers, doctors, nutritionists and even children in countries such as Saudi Arabia, the United Arab Emirates and Mexico.

In July, NSO Group came under scrutiny after Amnesty International, a human rights watchdog, and Forbidden Stories, a group focused on freedom of speech, worked with a consortium of media organizations on the Pegasus Project to publish a list of about 50,000 people, including hundreds of journalists, government leaders, opponents and activists, selected by NSO clients.


The consortium did not reveal how the list was obtained, and it was unclear whether the list was aspirational or whether the people on it were actually targeted by NSO spyware.

Among those listed were Azam Ahmed, a former New York Times Mexico City bureau chief who reported extensively on corruption, violence and surveillance in Latin America, including on NSO itself, and Ben Hubbard, The Times’s Beirut bureau chief, who investigated abuses and corruption in Saudi Arabia and wrote a recent biography of the Saudi crown prince, Mohammed bin Salman.

Shalev Hulio, co-founder of NSO Group, vehemently denied the accuracy of the list and told The Times: It’s like opening the white pages, selecting 50,000 numbers, and drawing conclusions from it.

NSO clients previously infected their targets using text messages that prompted victims to click links. Those links allowed journalists to investigate the possible presence of NSO spyware. The new zero-click method, however, makes it much more difficult for journalists and cybersecurity researchers to discover the spyware.

Marczak, a Citizen Lab researcher who helped discover the exploit on the Saudi activist’s phone, said the commercial spyware industry is getting darker.

Scott-Railton urged Apple customers to perform software updates.

“Do you have an Apple product? Update it today,” he said.

