Apple Inc on Monday said it patched a security flaw in its Messages app after security researchers determined that Israel-based NSO Group used it to “exploit and infect” the US firm’s latest devices with spyware.
The flaw, disclosed on Monday by Citizen Lab, allowed a hacker using NSO’s Pegasus malware to gain access to a device owned by an unnamed Saudi Arabian rights advocate, security researchers said.
Apple said the flaw could be exploited if a user on a vulnerable device received a “maliciously crafted” PDF file.
The flaw was a “zero-day” vulnerability, a term that refers to recently discovered bugs that hackers can exploit and that have not yet been patched.
People did not have to click on the malicious file for it to infect their devices, something known as a “zero-click” exploit, said a report released by Citizen Lab, a cyberresearch unit at the University of Toronto.
“What this highlights is that chat apps are the soft underbelly of device security,” Citizen Lab senior researcher John Scott-Railton wrote in a text message. “They are ubiquitous, which makes them really attractive, so they are an increasingly common target for attackers.”
“They need to be a major priority for security,” Scott-Railton said. “Narrowing the attack surface from chat apps will go a long way toward making all of our devices more secure.”
Apple is patching the bug on the iPhone, iPad, Mac and Apple Watch via iOS 14.8, iPadOS 14.8, macOS 11.6 and watchOS 7.6.2 software updates. The software releases came the day before a highly anticipated Apple product launch event yesterday.
The company was expected to announce the release date for iOS 15, Apple’s next major software update, which is to contain additional security protections.
“After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users,” Apple head of security engineering and architecture Ivan Krstić said in a statement. “We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly.”
Attacks like this one are “highly sophisticated, cost millions of dollars to develop, often have a short shelf life and are used to target specific individuals,” Krstić said. “While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”
The NSO Group has been the subject of repeated criticism by Citizen Lab and other organizations after its spyware was discovered on the phones of rights advocates and journalists critical of repressive regimes.
In its report on Monday, Citizen Lab accused NSO Group of facilitating “despotism-as-a-service for unaccountable government security agencies” and argued that regulation is “desperately needed.”
NSO Group has insisted that the spyware is intended to be used to fight terrorism and crime, not to aid in human rights abuses.
In its own statement, NSO Group said that the company “will continue to provide intelligence and law enforcement agencies around the world with life-saving technologies.”
In June, the company published its first Transparency and Responsibility Report, which defended its technology and efforts to curb misuse by customers.
The White House has raised concerns about NSO Group with senior Israeli officials, the Washington Post reported.