• Home
  • BTC
  • Digital Coin
  • ETH
  • Featured
  • News
  • Technology
  • Trends
  • Contact
Facebook Twitter Instagram
Digital Blog
  • Home
  • BTC
  • Digital Coin
  • ETH
  • Featured
  • News
  • Technology
  • Trends
  • Contact
Facebook Twitter Instagram
Digital Blog
Home»Information»Apple Security Update Closes Spyware Flaw in iPhones, Macs and iWatches
Information

Apple Security Update Closes Spyware Flaw in iPhones, Macs and iWatches

Digital-Blog.comBy Digital-Blog.comDecember 17, 2021Updated:November 10, 2022No Comments9 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Share
Facebook Twitter LinkedIn Pinterest Email

Apple issued emergency software updates for a critical vulnerability in its products on Monday after security researchers uncovered a flaw that allows highly invasive spyware from Israel’s NSO Group to infect anyone’s iPhone, iPad, Apple Watch or Mac computer without so much as a click.
Apple’s security team had worked around the clock to develop a fix since Tuesday, after researchers at Citizen Lab, a cybersecurity watchdog organization at the University of Toronto, discovered that a Saudi activist’s iPhone had been infected with an advanced form of spyware from NSO.
The spyware, called Pegasus, used a novel method to invisibly infect Apple devices without victims’ knowledge. Known as a “zero click remote exploit,” it is considered the Holy Grail of surveillance because it allows governments, mercenaries and criminals to secretly break into someone’s device without tipping the victim off.
Using the zero-click infection method, Pegasus can turn on a user’s camera and microphone, record messages, texts, emails, calls — even those sent via encrypted messaging and phone apps like Signal — and send them back to NSO’s clients at governments around the world.
“This spyware can do everything an iPhone user can do on their device and more,” said John Scott-Railton, a senior researcher at Citizen Lab, who teamed up with Bill Marczak, a senior research fellow at Citizen Lab, on the finding.
The discovery means that more than 1.65 billion Apple products in use worldwide have been vulnerable to NSO’s spyware since at least March. It signals a serious escalation in the cybersecurity arms race, with governments willing to pay whatever it takes to spy on digital communications en masse, and with tech companies, human rights activists and others racing to uncover and fix the latest vulnerabilities that enable such surveillance.
Apple issued a software update on Monday to fix a critical flaw in its products that had allowed governments to invisibly spy on Apple users without so much as a click.
Here’s how to update your iPhone with the software patch →
First, make sure your iPhone is plugged in or has at least 50 percent battery life.
Then:
Go to Settings.
Click General.
Click Software Update.
Click Install Now to update to iOS 14.8.
Updating the software closes the flaw, which had let highly invasive spyware from Israel’s NSO Group infect people’s Apple devices.
The spyware was able to:
Turn on a user’s camera and microphone.
Record their messages, texts, emails and calls.
Track someone’s location.
Steal passwords.
Access encrypted messages.
The discovery of the spyware means that more than 1.65 billion Apple products in use worldwide have been vulnerable to NSO’s spyware since at least March.
Because of how sophisticated the software was, it’s hard to know whose devices had been compromised. It is critical to update your iPhone and other Apple devices — iPads, Mac computers and Apple Watch — with the new software as soon as possible.
Read more on the Apple software flaw that was patched.
In the past, victims learned their devices were infected by spyware only after receiving a suspicious link texted to their phone or email, and sharing the link with journalists or cybersecurity experts. But NSO’s zero-click capability meant victims received no such prompt, and the flaw enabled full access to a person’s digital life. Such abilities can fetch millions of dollars on the underground market for hacking tools, where governments are not regulators but are clients and are among the most lucrative spenders.
On Monday, Ivan Krstić, Apple’s head of security engineering and architecture commended Citizen Lab for its findings and urged customers to run the latest software updates for the fixes to take effect, by installing iOS 14.8, MacOS 11.6 and WatchOS 7.6.2.
“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life and are used to target specific individuals,” Mr. Krstić said.
Apple has said it plans to introduce new security defenses for iMessage, Apple’s texting application, in its next iOS 15 software update, expected later this year.
NSO did not immediately respond to inquiries on Monday.
NSO has long drawn controversy. The company has said that it sells its spyware only to governments that meet strict human rights standards and that it expressly requires customers to agree to use its spyware only to track terrorists or criminals.
But over the past six years, NSO’s Pegasus spyware has turned up on the phones of activists, dissidents, lawyers, doctors, nutritionists and even children in countries like Saudi Arabia, the United Arab Emirates and Mexico.
Starting in 2016, a series of New York Times investigations revealed the presence of NSO’s spyware on the iPhones of Emirati activists lobbying for expanded voting rights; Mexican nutritionists lobbying for a national soda tax; lawyers looking into the mass disappearance of 43 Mexican students; academics who helped write anti-corruption legislation; journalists in Mexico and England; and an American representing victims of sexual abuse by Mexico’s police.
In July, NSO became the subject of further scrutiny after Amnesty International, the human rights watchdog, and Forbidden Stories, a group that focuses on free speech, teamed up with a consortium of media organizations on “The Pegasus Project” to publish a list of 50,000 phone numbers, including some used by journalists, government leaders, dissidents and activists, that they said had been selected as targets by NSO’s clients.
The consortium did not disclose how it had obtained the list, and it was unclear whether the list was aspirational or whether the people had actually been targeted with NSO spyware.
Among those listed were Azam Ahmed, who had been the Mexico City bureau chief for The Times and who has reported widely on corruption, violence and surveillance in Latin America, including on NSO itself; and Ben Hubbard, The Times’s bureau chief in Beirut, Lebanon, who has investigated rights abuses and corruption in Saudi Arabia and wrote a recent biography of the Saudi crown prince, Mohammed bin Salman.
It also included 14 heads of state, including President Emmanuel Macron of France, President Cyril Ramaphosa of South Africa, Prime Minister Mostafa Madbouly of Egypt, Prime Minister Imran Khan of Pakistan, Saad-Eddine El Othmani, who until recently was the prime minister of Morocco, and Charles Michel, the head of the European Council.
Shalev Hulio, a co-founder of NSO Group, vehemently denied the list’s accuracy, telling The Times, “This is like opening up the white pages, choosing 50,000 numbers and drawing some conclusion from it.”
This year marks a record for the discovery of so-called zero days, secret software flaws like the one that NSO used to install its spyware. This year, Chinese hackers were caught using zero days in Microsoft Exchange to steal emails and plant ransomware. In July, ransomware criminals used a zero day in software sold by the tech company Kaseya to bring down the networks of some 1,000 companies.
For years, the spyware industry has been a black box. Sales of spyware are locked up in nondisclosure agreements and are frequently rolled into classified programs, with limited, if any, oversight.
NSO’s clients previously infected their targets using text messages that cajoled victims into clicking on links. Those links made it possible for journalists and researchers at organizations like Citizen Lab to investigate the possible presence of spyware. But NSO’s new zero-click method makes the discovery of spyware by journalists and cybersecurity researchers much harder.
“The commercial spyware industry is going darker,” said Mr. Marczak, the Citizen Lab researcher. Mr. Marczak said he was first approached by the Saudi activist in March. But it was only last week that he was able to parse evidence from the activist’s phone and uncover digital crumbs similar to those on the iPhones of other Pegasus targets.
Mr. Marczak said he found that the Saudi activist, who declined to be identified, had received an image. That image, which was invisible to the user, exploited a vulnerability in the way that Apple processes images and allowed the Pegasus spyware to be quietly downloaded onto Apple devices. With the victim none the wiser, his or her most sensitive communications, data and passwords were siphoned off to servers at intelligence and law-enforcement agencies around the globe.
Citizen Lab said the scale and scope of the operation was unclear. Mr. Marczak said, based on the timing of his discovery of Pegasus on the Saudi activist’s iPhone and other iPhones in March, it was safe to say the spyware had been siphoning data from Apple devices for at least six months.
The zero-click exploit, which Citizen Lab dubbed “Forcedentry,” was among the most sophisticated exploits discovered by forensics researchers. In 2019, researchers uncovered that a similar NSO zero-click exploit had been deployed against 1,400 users of WhatsApp, the Facebook messaging service. Last year, Citizen Lab found a digital trail suggesting NSO may have a zero-click exploit to read Apple iMessages, but researchers never discovered the full exploit.
NSO was long suspected of having a zero-click capability. A 2015 hack of one of NSO’s chief competitors, Hacking Team, a Milan-based spyware outfit, revealed emails showing Hacking Team executives scrambling to match a remote, zero-click exploit that its customers claimed NSO had developed. That same year, a Times reporter obtained NSO marketing materials for prospective new clients that mentioned a remote, zero-click capability.
Proof of the capability never turned up.
“Today was the proof,” Mr. Marczak said.
Forcedentry was the first time that researchers successfully recovered a full, zero-click exploit on the phones of activists and dissidents. When such discoveries are revealed, governments and cybercriminals typically try to exploit vulnerable systems before users have a chance to patch them, making timely patching critical.
Mr. Scott-Railton urged Apple customers to run their software updates immediately.
“Do you own an Apple product? Update it today,” he said.

News Technology Update
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Digital-Blog.com

Related Posts

Common Types of Injuries and How They Affect Your Body

January 5, 2023

Porsche Macan GTS For Sale

November 27, 2022

How to Dress Up in Business cMen’s Clothing

November 26, 2022

Leave A Reply Cancel Reply

Facebook Twitter Instagram Pinterest
  • Home
  • BTC
  • Digital Coin
  • ETH
  • Featured
  • News
  • Technology
  • Trends
  • Contact
© 2023 ThemeSphere. Designed by ThemeSphere.

Type above and press Enter to search. Press Esc to cancel.

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie SettingsAccept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT