Users should get alerts on their iPhones prompting them to update the phone’s iOS software and can go into the phone settings, click “General” then “Software Update,” and trigger the patch update directly. Specifically, malicious image files were transmitted to the activist’s phone via the iMessage instant-messaging app before it was hacked with NSO’s Pegasus spyware, which opens a phone to eavesdropping and remote data theft, Marczak said. “We’re not necessarily attributing this attack to the Saudi government,” Bill Marczak, a senior research fellow at Citizen Lab who partnered with Scott-Railton on the finding, told the AP.
But that’s not the case with its latest, an upgrade that Apple released Wednesday to close a security hole that could allow hackers to seize control of iPhones and several other popular Apple products. NEW YORK (AP) Apple regularly issues updates to the software powering the iPhone, and sometimes it’s OK to dawdle when it comes to installing them.
If you’re still running older versions of iOS on your iPhone, iPod, or iPad, update now. Before I explain further, let me just say this: If you’ve gotten the prompt to update and you haven’t, do it now. Likewise, Apple’s security chief, Ivan Krstić, reiterated that such exploits “are not a threat to the overwhelming majority of our users.” Citizen Lab researchers first detected the malicious code on Sept. 7 and alerted Apple, but the targeted Saudi activist asked to remain anonymous. This week, Apple rushed out a patch for its iOS 7 and iOS 6 operating systems to fix a serious security issue. The vulnerability reportedly affected all major Apple devices, including iPhones, Macs and Apple Watches, but security experts told the AP that average Apple users should remain calm because such attacks typically target specific marks. Apple said on Thursday that it would make improvements to its AirTag devices to make it more difficult for people to use them to track others without their. “This spyware can do everything an iPhone user can do on their device and more,” John Scott-Railton, a senior researcher at Citizen Lab, told the newspaper. According to the Times, the novel “zero click remote exploit” is considered the “Holy Grail of surveillance” because it allows governments, mercenaries and criminals to covertly hack a victim’s device. Meanwhile, an Apple spokesman confirmed Citizen Lab’s assessment to the Times and said that the company planned to add spyware barriers to its next iOS 15 software update, expected before the end of 2021. Dubbed “Pegasus,” the spyware was used to invisibly infect an Apple device without the victim’s knowledge for as long as six months, the Times reported.
In a blog post citing Citizen Lab, Apple stated that it is aware of the high-profile incident and was immediately issuing a security update for iPhones and iPads because a “maliciously crafted” PDF file could lead to them being hacked. NSO Group responded with a one-sentence statement saying it will continue providing tools for fighting “terror and crime.” Citizen Lab researchers told The Associated Press that they had the highest confidence that the world’s most infamous hacker-for-hire firm, Israel’s NSO Group, was behind that attack.