Apple has released iOS 14.8 to fix a weakness that spyware at the heart of the Pegasus scandal can infect devices without the user clicking on malicious messages or links.
NS Pegasus Software from an Israeli company NSO Group It has been under close scrutiny since international media investigations claimed to have been used to spy on the phones of human rights activists, journalists and even heads of state.
Researchers at Citizen Lab, a Canadian cybersecurity watchdog organization, discovered the problem while analyzing the phone of a Saudi activist whose code was compromised.
“We have determined that the mercenary spyware company NSO Group has used this vulnerability to remotely exploit the latest Apple devices to infect Pegasus spyware,” said Citizen Lab. Written in the post..
In March, Citizen Lab examined activist phones and determined that they had been hacked with Pegasus spyware introduced in the following ways: iMessage You sent a text message and the phone user didn’t even have to click.
A few hours after releasing the fix, Apple He said he developed the update “quickly” after Citizen Lab discovered the problem.
“Attackes like the one described are very sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.” The company says.
The NSO did not object to Pegasus’ urge to urgent software upgrades, saying in a statement that it would “continue to provide intelligence and law enforcement agencies around the world with life-saving technology to combat terrorism and crime.” rice field.
No click required
Pegasus has evolved to be more effective since it was discovered by Citizen Lab and cybersecurity company Lookout five years ago.
According to Hank Shres, Senior Manager of Lookout, Pegasus can be deployed as a “zero-click exploit.” This means that victims can install spyware without clicking on booby trapped links or files.
“Many apps automatically preview or cache links to improve the user experience,” Schless said.
“Pegasus uses this feature to silently infect devices.”
UN experts recently called for an international moratorium on the sale of surveillance technology until the Israeli spyware scandal was followed by regulations to protect human rights.
According to an international media survey conducted in July, several governments used Pegasus malware created by NSO Group to spy on activists, journalists and politicians.
Pegasus can collect that data by switching on the phone’s camera or microphone.
“It is very dangerous and irresponsible to allow the surveillance technology and trade sector to function as a non-human rights area,” a UN human rights expert said in a statement at the time.
The statement was signed by three Special Rapporteurs on Rights and a Working Group on Human Rights and Multinational and Other Business Issues.
The Israeli defense facility has set up a committee to review NSO’s operations, including the process of granting export licenses.
The NSO claims that the software is intended to be used only in the fight against terrorism and other crimes, and says it exports to 45 countries.
https://gadgets.ndtv.com/apps/news/apple-ios-14-8-pegasus-flaw-fix-release-emergency-update-citizen-lab-macos-watchos-2540044#rss-gadgets-all Apple publishes iOS 14.8 to fix flaws linked to Pegasus spyware