Apple has updated its software for iPhones to address a critical vulnerability that independent researchers say has been exploited by notorious surveillance software to spy on a Saudi activist.
Researchers from the University of Toronto's Citizen Lab said the software exploit has been in use since February and has been used to deploy Pegasus, the spyware made by Israeli firm NSO Group that has allegedly been used to surveil journalists and human rights advocates in multiple countries.
The urgent update that Apple (AAPL) released Monday plugs a hole in the iMessage software that allowed hackers to infiltrate a user's phone without the user clicking on any links, according to Citizen Lab. The Saudi activist chose to remain anonymous, Citizen Lab said.
Apple credited the Citizen Lab researchers for finding the vulnerability.
"Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals," Ivan Krstić, head of Apple Security Engineering and Architecture, said in a statement.
Krstić said Apple rapidly addressed the issue with a software fix and that the vulnerability is "not a threat to the overwhelming majority of our users."
Still, security experts encouraged users to update their mobile devices for protection.
In a statement, NSO Group did not address the allegations, only saying, "NSO Group will continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime."
The firm has previously said its software is only sold to vetted customers for counterterrorism and law enforcement purposes.
Researchers, however, say they have found multiple cases in which the spyware was deployed on dissidents or journalists. In 2019, Citizen Lab analysts alleged that Pegasus was used on the mobile phone of the wife of a slain Mexican journalist.
In a lawsuit filed in 2019, Facebook accused NSO Group of being complicit in a hack of 1,400 mobile devices using WhatsApp. (NSO Group disputed the allegations at the time.)
The proliferation of easy-to-use mobile hacking tools has given governments around the world a new and stealthy means of targeting adversaries. Sophisticated spyware made by NSO Group and other vendors has been reportedly used from Uzbekistan to Morocco.
The surge in spyware prompted a United Nations panel of human rights experts in August to call for a moratorium on the sale of such surveillance tools. The UN panel said the ban should remain in place until governments have "put in place robust regulations that guarantee its use in compliance with international human rights standards."
Latest Stories
-
Paris Olympic hopes hang in the balance as Ghana’s 4×100 relay team drops baton at World Relays
3 hours -
Western Regional House of Chiefs commends Bawumia for his humility and respect for traditional authorities
4 hours -
#JustTurned18: First-time voters critical to deciding 2024 presidential election
5 hours -
Video: EC lied that the cost per voter in 2020 was $7.7; it was $12.5 – Bright Simons
5 hours -
Former IGP passes on
5 hours -
Ejisu by-election: Kwadaso MP gave money to EC officials out of goodwill – Ahiagbah
5 hours -
Millennium City: Land owner breaks silence on fatal shooting of soldier
5 hours -
Photos of 2024 Aboakyer Festival
6 hours -
#JustTurned18: I now have an opportunity to use my thumb to bring someone into power – Excited prospective voters
6 hours -
OSP acted as a whistleblower transferring Cecilia Dapaah’s case to EOCO – Sammy Darko
7 hours -
IMF calls for tariff adjustment for energy sector cost recovery
7 hours -
Samson’s Take: Journalists, block the pretentious idiots
8 hours -
Real Madrid crowned LaLiga champions after Barcelona’s defeat at Girona
9 hours -
Daniel Otting Awuah elected SRC President of Ghana School of Law
10 hours -
Lawrence Ati-Zigi signs St. Gallen contract extension
10 hours