Last Updated on September 14, 2021 by Calvin C.
Apple issued emergency security updates to close a spyware flaw that was used by an Israeli spyware company, NSO Group, to infect a target’s Apple device. This flaw was discovered by researchers at University of Toronto’s Citizen Lab and it was described as a zero-day zero-click exploit, targeting iMessages.
The updates patched this scary vulnerability in supported iPhones, iPads, Macs and Apple Watches (see below).
Citizen Lab informed Apple of its findings and the tech giant “confirmed that the files included a zero-day exploit against iOS and MacOS.”
According to the Citizen Lab, the spyware is called Pegasus and it infected a victim’s Apple device without getting detected.
“We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware,” read part of the report released by Citizen Lab.
This type of spyware cannot be detected by the victim, making it a very effective surveillance tool.
In other words, the spyware can secretly turn on the camera, microphone, record any communication, then send all that information back to NSO’s clients anywhere in the world.
NSO Group and controversies
On its website, NSO Group indicates that it “creates technologies that help government agencies to prevent and investigate terrorism and crime..”
Although NSO Group distances itself from terror organizations, its spyware has turned up in the suspicious hands.
In August 2018, the Human Rights Group Amnesty International accused NSO Group of assisting Saudi Arabia to spy on a member of the organization.
Check you device to make sure you are using the following OS:
- iOS 14.8 – iPhone 6s or later
- iPad OS 14.8 – iPad Pro (all models), iPad Air 2 or later, iPad 5th generation or later, iPad mini 4 or later,
- WatchOS 7.6.2
- MacOS Big Sur 11.6
- Security update 2021-005 for Catalina
The findings by Citizen Lab
According to the report released by Citizen Lab, the discovery was made when researchers were analyzing the phone of a Saudi activist infected with NSO Group’s Pagasus spyware.
They urged all users of Apple devices to update to the latest OS:
“Today, September 13th, Apple is releasing an update that patches CVE-2021-30860. We urge readers to immediately update all Apple devices.” read the report.
You can read the full report by Citizen Lab here.
Make sure you update your iPhone, Mac and Apple Watch right now, as you never know if you have Pegasus.
Share this article with your friends. Subscribe to get the latest cybersecurity updates and helpful tips.