Surprisingly, and just on the eve of the new iOS 15, which will arrive in days with the iPhone 13, Apple has released updates for all operating systems. The new software corrects two loopholes in macOS, watchOS, iOS and iPadOS, which allow the installation of spyware without the user having to perform any operation.
The Cupertino company thus responded to the complaint of the Citizen Lab of the University of Toronto, according to which the Israeli software company NSO Group has been infecting iPhone phones and other Apple devices since February. The Israeli group produces Pegasus, the software used to spy on the phones of human rights activists, journalists and even heads of state, as an international mega-investigation revealed a few months ago.
It was Citizen Lab analysts who discovered the problem by analyzing the phone of a Saudi activist that was infected with Nso Group’s Pegasus spyware. Pegasus allows the perpetrator to access the activities of the infected device, but also the camera, microphone, photographs, location, text messages, emails and calls without the victim realizing it. The Israeli firm deals with cybersecurity, but its software is said to be used by several governments to gain access to the phones and other devices of journalists, activists and political rivals. The government of Bahrain also used it to spy on the phones of nine political opponents.
The software that spies on us costs a few tens of euros
by Pierluigi Paganini
In addition to being activated by simply sending a message to the victim, Forcedentry attacks a new software security feature called BlastDoor that Apple has included in iOS 14. “Our latest discovery of another Apple zero-day exploit employed as part of the arsenal of NSO Group clearly shows that companies like NSO Group are making it possible to introduce despotism simply by paying a certain amount, and by keeping unresponsive government security agencies out of the spotlight, “said Citizen Lab researchers.” The ubiquitous chat apps have become an important target for those who carry out more sophisticated threats, including spying operations of nation states and the mercenary spyware companies serving them. As they are currently designed, many chat apps have become an irresistible target, “they add. .
With the latest updates, the company has fixed a total of 15 zero-day vulnerabilities since early 2021. Ivan Krstic, Apple’s Head of Security Engineering and Architecture, said: “After identifying the vulnerability used by this iMessage exploit , Apple has quickly developed and deployed a fix in iOS 14.8 to protect our users. We would like to commend Citizen Lab for successfully completing the very difficult job of obtaining a sample of this exploit so that we can develop this update right away. Attacks like those described are highly sophisticated, cost millions of dollars to develop, often have a short lifespan, and are used to target specific individuals. “
The average user of iPhone, iPad and Mac generally does not have to worry, in short, but better follow Apple’s directions: “This update provides important security improvements and is recommended for all users”, reads the description of iOS 14.8 for iPhone in the App Store.
Not only Pegasus, the UN: “We need a moratorium on surveillance technologies”
by Federico Guerrini