Apple Inc on Monday said it patched a security flaw in its Messages app after security researchers determined that Israel-based NSO Group used it to “exploit and infect” the US firm’s latest devices with spyware.
The flaw, disclosed on Monday by Citizen Lab, allowed a hacker using NSO’s Pegasus malware to gain access to a device owned by an unnamed Saudi Arabian rights advocate, security researchers said.
Apple said the flaw could be exploited if a user on a vulnerable device received a “maliciously crafted” PDF file.
Photo: AFP
The flaw was a “zero-day” vulnerability, a term that refers to recently discovered bugs that hackers can exploit and have not yet been patched.
People did not have to click on the malicious file for it to infect their devices, something known as a “zero-click” exploit, said a report released by Citizen Lab, a cyberresearch unit at the University of Toronto.
“What this highlights is that chat apps are the soft underbelly of device security,” Citizen Lab senior researcher John Scott-Railton wrote in a text message. “They are ubiquitous, which makes them really attractive, so they are an increasingly common target for attackers.”
“They need to be a major priority for security,” Scott-Railton said. “Narrowing the attack surface from chat apps will go a long way toward making all of our devices more secure.”
Apple is patching the bug on the iPhone, iPad, Mac and Apple Watch via iOS 14.8, iPadOS 14.8, macOS 11.6 and watchOS 7.6.2 software updates. The software releases came the day before a highly anticipated Apple product launch event yesterday.
The company was expected to announce the release date for iOS 15, Apple’s next major software update, which is to contain additional security protections.
“After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users,” Apple head of security engineering and architecture Ivan Krsti said in a statement. “We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly.”
Attacks like this one are “highly sophisticated, cost millions of dollars to develop, often have a short shelf life and are used to target specific individuals,” Krsti said. “While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”
The NSO Group has been the subject of repeated criticism by Citizen Lab and other organizations after its spyware has been discovered on the phones of rights advocates and journalists critical of repressive regimes.
In its report on Monday, Citizen Lab accused NSO Group of facilitating “despotism-as-a-service for unaccountable government security agencies” and argued that regulation is “desperately needed.”
NSO Group has insisted that the spyware is intended to be used to fight terrorism and crime, not to aid in human rights abuses.
In its own statement, NSO Group said that the company “will continue to provide intelligence and law enforcement agencies around the world with life-saving technologies.”
In June, the company published its first Transparency and Responsibility Report, which defended its technology and efforts to curb misuse by customers.
The White House has raised concerns about NSO Group with senior Israeli officials, the Washington Post reported.
Stephen Garrett, a 27-year-old graduate student, always thought he would study in China, but first the country’s restrictive COVID-19 policies made it nearly impossible and now he has other concerns. The cost is one deterrent, but Garrett is more worried about restrictions on academic freedom and the personal risk of being stranded in China. He is not alone. Only about 700 American students are studying at Chinese universities, down from a peak of nearly 25,000 a decade ago, while there are nearly 300,000 Chinese students at US schools. Some young Americans are discouraged from investing their time in China by what they see
MAJOR DROP: CEO Tim Cook, who is visiting Hanoi, pledged the firm was committed to Vietnam after its smartphone shipments declined 9.6% annually in the first quarter Apple Inc yesterday said it would increase spending on suppliers in Vietnam, a key production hub, as CEO Tim Cook arrived in the country for a two-day visit. The iPhone maker announced the news in a statement on its Web site, but gave no details of how much it would spend or where the money would go. Cook is expected to meet programmers, content creators and students during his visit, online newspaper VnExpress reported. The visit comes as US President Joe Biden’s administration seeks to ramp up Vietnam’s role in the global tech supply chain to reduce the US’ dependence on China. Images on
New apartments in Taiwan’s major cities are getting smaller, while old apartments are increasingly occupied by older people, many of whom live alone, government data showed. The phenomenon has to do with sharpening unaffordable property prices and an aging population, property brokers said. Apartments with one bedroom that are two years old or older have gained a noticeable presence in the nation’s six special municipalities as well as Hsinchu county and city in the past five years, Evertrust Rehouse Co (永慶房產集團) found, citing data from the government’s real-price transaction platform. In Taipei, apartments with one bedroom accounted for 19 percent of deals last
US CONSCULTANT: The US Department of Commerce’s Ursula Burns is a rarely seen US government consultant to be put forward to sit on the board, nominated as an independent director Taiwan Semiconductor Manufacturing Co (TSMC, 台積電), the world’s largest contract chipmaker, yesterday nominated 10 candidates for its new board of directors, including Ursula Burns from the US Department of Commerce. It is rare that TSMC has nominated a US government consultant to sit on its board. Burns was nominated as one of seven independent directors. She is vice chair of the department’s Advisory Council on Supply Chain Competitiveness. Burns is to stand for election at TSMC’s annual shareholders’ meeting on June 4 along with the rest of the candidates. TSMC chairman Mark Liu (劉德音) was not on the list after in December last