Israeli Pegasus Spyware Exploits Apple Device Vulnerability: Watchdog
TEHRAN (Tasnim) – Researchers from the digital watchdog group 'Citizen Lab' have uncovered spyware connected to the Israeli firm NSO, exploiting a recently identified flaw in Apple's devices.
During an examination of an Apple device belonging to an employee of a civil society organization in Washington, Citizen Lab identified the bug's utilization to infect the device with NSO's Pegasus spyware.
"The indications confirm with high confidence the responsibility of NSO's Pegasus spyware for the hacking operation, based on the forensic evidence we obtained from the target device," Bill Marczak, Senior Researcher at Citizen Lab, stated to Reuters.
Marczak also noted that the hacker likely made an installation error, leading Citizen Lab's engineers to discover the spyware.
The hack, known as Blastpass, was found to be capable of compromising iPhones running the latest iOS version, 16.6, without any user intervention.
Upon discovering this, Citizen Lab promptly informed Apple and pledged to provide more detailed reports on the future exploitation chain.
Apple responded by releasing updates to address the exploit chain, as reported by Al Jazeera Net.
Citizen Lab's statement urged users to update their devices immediately, as Apple's security engineering team confirmed that the new updates mitigate this specific cyber attack.
"We urge everyone to immediately update their devices. We encourage everyone who may face increased risk because of who they are or what they do to enable Lockdown Mode. We believe, and Apple's Security Engineering and Architecture team has confirmed to us, that Lockdown Mode blocks this particular attack. We commend Apple for their rapid investigative response and patch cycle, and we acknowledge the victim and their organization for their collaboration and assistance," the statement read, in part.
Apple swiftly released two critical security updates for the iPhone, iPad, Apple Watch, and Mac in response to the vulnerability. These updates were issued just days ahead of Apple's September 12, 2023, launch event.
Pegasus, a spyware tool developed by Israel-based NSO Group, has gained notoriety for targeting government officials, political activists, and journalists. This software remotely accesses devices to collect data, monitor messaging app conversations (e.g., WhatsApp and Facebook), surveil email exchanges and browsing activities, and utilize device cameras and microphones for spying purposes. Citizen Lab, Amnesty International, and other organizations have highlighted its use in targeting innocent individuals.