Malicious image files were transmitted to the activist's phone via the iMessage instant-messaging app before it was hacked with NSO's Pegasus spyware, which opens a phone to eavesdropping and remote data theft, Marczak said. “We're not necessarily attributing this attack to the Saudi government,” said researcher Bill Marczak.Ĭitizen Lab previously found evidence of zero-click exploits being used to hack into the phones of al-Jazeera journalists and other targets, but hasn't previously seen the malicious code itself.Īlthough security experts say that average iPhone, iPad and Mac user generally need not worry - such attacks tend to be limited to specific targets - the discovery still alarmed security professionals. Read | Apple issues fix for flaw linked to Pegasus spyware The targeted activist asked to remain anonymous, they said. They found the malicious code on September 7 and immediately alerted Apple. It was the first time a so-called “zero-click” exploit - one that doesn't require users to click on suspect links or open infected files - has been caught and analysed, the researchers said. NSO Group responded with a one-sentence statement saying it will continue providing tools for fighting “terror and crime”. The previously unknown vulnerability affected all major Apple devices - iPhones, Macs and Apple Watches, the researchers said. They said they had high confidence that the world's most infamous hacker-for-hire firm, Israel's NSO Group, was behind that attack. Researchers at the University of Toronto's Citizen Lab said the security issue was exploited to plant spyware on a Saudi activist's iPhone.
APPLE SECURITY UPDATE CLOSES SPYWARE IWATCHES PATCH
Apple released a critical software patch to fix a security vulnerability that researchers said could allow hackers to directly infect iPhones and other Apple devices without any user action.
0 kommentar(er)
