Apple Issues a Fix for Pegasus-linked Security Flaw

A security flaw was found in Apple's devices which allows spyware to infiltrate users' devices - link-free.

  • Apple Issues Fix for Pegasus-linked Security Flaw | Getty
    Apple's zero-day flaw allowed Pegasus to infect the device without any links clicked (Getty Images). 

Apple patched a zero-day security flaw Monday that could let the Israeli NSO's Pegasus spyware infect devices without the user clicking on any malicious messages or links.

The Israeli spyware has been scrutinized since an international investigation resulted in a report that showed its use for hacking, spying, and violation of privacy. It was used by several regimes, such as the Saudi regime, to spy on journalists, dissidents, human rights activists, and even heads of state.

The spyware would infect a device and access the user's camera and microphone, their call log, emails, photos, and messages - even encrypted ones. It gave the attacker almost full control of the device with as little as a click - or so we thought.

Citizen Lab, a Canadian-based cybersecurity watchdog organization, discovered the vulnerability while its researchers examined a Saudi activist's phone that had been exposed to the malware and compromised by it.

Citizen Lab made a post in which it said, "We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware."

Citizen Lab examined the activist's device in March and established it was hacked using NSO's Pegasus. They found that the spyware was introduced via iMessage, Apple's text messaging service. They also found that the user did not even need to click any malicious links for the spyware to infect or compromise their device.

Apple said they "rapidly" took to developing the update after Citizen Lab discovered the problem, hours after patching the problem.

"Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals," the Tech Giant said.

To no surprise, NSO did not dispute that its spyware was the reason behind the urgent software update to patch the vulnerability that "may have been actively exploited." The Israeli tech company, however, issued a statement asserting that they would "continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime."

Pegasus' "zero-click remote exploit" used a method to indirectly infect Apple's devices without the victim's knowledge. This discovery means that over 1.65 billion Apple products worldwide have been exposed to the spyware since at least March, under everyone's noses.

As of recently, UN experts called for an international moratorium on the sale of surveillance technology until the implementation of regulations to protect human rights following. This call came in the wake of the Israeli spyware scandal that exposed Pegasus.