Arkansas Democrat-Gazette

Apple issues emergency system security update

Repair closes a vulnerabil­ity to Israeli spyware on computers, phones, watches

- NICOLE PERLROTH

Apple issued emergency software updates for a critical vulnerabil­ity in its products on Monday after security researcher­s uncovered a flaw that allows highly invasive spyware from Israel’s NSO Group to infect anyone’s iPhone, iPad, Apple Watch or Mac computer without so much as a click.

Apple’s security team had worked around the clock to develop a fix after researcher­s at Citizen Lab, a cybersecur­ity watchdog organizati­on at the University of Toronto, discovered that a Saudi activist’s iPhone had been infected with an advanced form of spyware from NSO.

The spyware, called Pegasus, used a novel method to invisibly infect Apple devices without victims’ knowledge. Known as a “zero click remote exploit,” it is considered the holy grail of surveillan­ce because it allows government­s, mercenarie­s and criminals to secretly break into someone’s device without tipping the victim off.

Pegasus can turn on a user’s camera and microphone, record messages, texts, emails, calls — even those sent by encrypted messaging and phone apps like Signal — and send them back to NSO’s clients at government­s around the world.

“This spyware can do everything an iPhone user can do on their device and more,” said John Scott-Railton, a senior researcher at Citizen Lab, who teamed up with Bill Marczak, a senior research fellow at Citizen Lab, on the finding.

The discovery means that more than 1.65 billion Apple products in use worldwide have been vulnerable to NSO’s spyware since at least March.

On Monday, Ivan Krstic, Apple’s head of security engineerin­g and architectu­re, commended Citizen Lab for its findings and urged customers to run the latest software updates for the fixes to take effect, by installing iOS 14.8, MacOS 11.6 and WatchOS 7.6.2.

NSO has said that it sells its spyware only to government­s that meet strict human-rights standards and that it expressly requires customers to agree to use its spyware only to track terrorists or criminals. But over the past six years, NSO’s Pegasus spyware has turned up on the phones of activists, dissidents, lawyers, doctors, nutritioni­sts and even children in countries like Saudi Arabia, the United Arab Emirates and Mexico.

Newspapers in English

Newspapers from United States