Apple users are being urged to download a fix for the Pegasus spyware flaw.
Apple users were urged to update their iPhones on Tuesday after the company announced a fix for a critical software vulnerability that allows the Pegasus spyware to be installed on phones without the user having to do anything.
Cybersecurity researchers at the Citizen Lab, a research center at the University of Toronto, discovered the vulnerability while examining the phone of a Saudi activist.
Thousands of people are thought to have been targeted by the Israeli-made Pegasus software, which has been used to intercept the communications of activists, journalists, and even heads of state, according to media reports.
After Citizen Lab informed Apple about the flaw in its iMessage software on September 7, Apple said on Monday that it had “rapidly” developed a software fix.
“Attacks like the ones described are very complex, cost millions of dollars to develop, have a short shelf life, and are used to target specific individuals,” according to the firm.
Citizen Lab advised users to “immediately upgrade all Apple devices.”
Since July, explosive claims that governments have spied on people using the extraordinarily invasive software – produced by the NSO Group, a private Israeli corporation – have swept the globe.
Pegasus can read a target’s communications, look at their images, follow their activities, and even turn on their camera without the target’s knowledge after it’s installed on their phone.
The bug Apple patched on Monday enables a so-called “zero-click exploit,” which means the spyware can be installed on a device without the user having to click on anything.
Less sophisticated spyware typically requires the target to click on a booby-trapped link or file before it can begin listening in on the target’s conversations.
Citizen Lab believes the weakness, dubbed FORCEDENTRY, has been used to install Pegasus on devices since February 2021, if not earlier.
It’s a variation of a flaw in Apple’s iMessage software that Citizen Lab discovered on the iPhones of nine Bahraini activists hijacked by Pegasus between June 2020 and February this year.
“The soft underbelly of device security is popular messaging apps. They’re on every device,” said John Scott-Railton, a Citizen Lab senior researcher who discovered the issue.
WhatsApp, whose owner Facebook is suing the NSO Group, was previously alleged to have been used to infiltrate phones with Pegasus.
The security of messaging apps “has to be improved.”
Brief News from Washington Newsday.