Apple Releases Emergency Security Updates To Fix Spyware Flaw

Spyware from Israel’s NSO Group infected Apple products.

Tech giant, Apple Inc issued emergency software patches for a critical vulnerability in its products on Monday after it discovered a flaw that allows highly invasive spyware from Israel’s NSO Group to infect iPhone, iPad, Apple Watch or Mac computer.

Apple advised that users should go through the process of updating the software on their devices. To do so, a user should go to the phone’s settings menu, and tap on ‘General,’ and then ‘Software Update.’ This will trigger the software patch to quickly update the device.

The hack was first discovered by researchers at Citizen Lab, a cybersecurity watchdog organization at the University of Toronto, where it found that a Saudi activist’s iPhone had been infected with an advanced form of spyware from NSO. The lab said that this was the first time a so-called zero-click exploit happened meaning that the spyware used a novel method to invisibly infect Apple devices without victims’ knowledge. The lab found the malicious code on September 7 and contacted Apple immediately.

A zero-click-remote-exploit is considered the Holy Grail of surveillance as it doesn’t require users to click on suspicious links or open infected files.

Spyware Pegasus is highly invasive as it can turn on a user’s camera and microphone; record messages, texts, emails, and calls, even those sent via encrypted messaging and phone apps; and send them back to NSO’s clients around the world.

"This spyware can do everything an iPhone user can do on their device and more," said John Scott-Railton, a senior researcher at Citizen Lab.

NSO’s zero-click capability meant victims received no suspicious link texted to their phone or email, and still, the flaw enabled full access to a person’s digital life. This capability can yield millions of dollars on the underground market for hacking tools, where governments authorities are not the regulators but are clients and are among the most paying spenders.

NSO has long drawn controversy. The firm has said that it trades its spyware only to governments that meet strict human rights standards and agrees to use its spyware only to track terrorists or criminals.

While, in contrast, "Starting in 2016, a series of New York Times investigations revealed the presence of NSO’s spyware on the iPhones of Emirati activists lobbying for expanded voting rights; Mexican nutritionists lobbying for a national soda tax; lawyers looking into the mass disappearance of 43 Mexican students; academics who helped write anti-corruption legislation; and journalists in Mexico and England"