Apple Inc on Monday said it patched a security flaw in its Messages app after security researchers determined that Israel-based NSO Group used it to “exploit and infect” the US firm’s latest devices with spyware.
The flaw, disclosed on Monday by Citizen Lab, allowed a hacker using NSO’s Pegasus malware to gain access to a device owned by an unnamed Saudi Arabian rights advocate, security researchers said.
Apple said the flaw could be exploited if a user on a vulnerable device received a “maliciously crafted” PDF file.
The flaw was a “zero-day” vulnerability, a term that refers to recently discovered bugs that hackers can exploit and that have not yet been patched.
People did not have to click on the malicious file for it to infect their devices, something known as a “zero-click” exploit, said a report released by Citizen Lab, a cyberresearch unit at the University of Toronto.
“What this highlights is that chat apps are the soft underbelly of device security,” Citizen Lab senior researcher John Scott-Railton wrote in a text message. “They are ubiquitous, which makes them really attractive, so they are an increasingly common target for attackers.”
“They need to be a major priority for security,” Scott-Railton said. “Narrowing the attack surface from chat apps will go a long way toward making all of our devices more secure.”
Apple is patching the bug on the iPhone, iPad, Mac and Apple Watch via iOS 14.8, iPadOS 14.8, macOS 11.6 and watchOS 7.6.2 software updates. The software releases came the day before a highly anticipated Apple product launch event yesterday.
The company was expected to announce the release date for iOS 15, Apple’s next major software update, which is to contain additional security protections.
“After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users,” Apple head of security engineering and architecture Ivan Krstić said in a statement. “We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly.”
Attacks like this one are “highly sophisticated, cost millions of dollars to develop, often have a short shelf life and are used to target specific individuals,” Krstić said. “While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”
The NSO Group has been the subject of repeated criticism by Citizen Lab and other organizations after its spyware was discovered on the phones of rights advocates and journalists critical of repressive regimes.
In its report on Monday, Citizen Lab accused NSO Group of facilitating “despotism-as-a-service for unaccountable government security agencies” and argued that regulation is “desperately needed.”
NSO Group has insisted that the spyware is intended to be used to fight terrorism and crime, not to aid in human rights abuses.
In its own statement, NSO Group said that the company “will continue to provide intelligence and law enforcement agencies around the world with life-saving technologies.”
In June, the company published its first Transparency and Responsibility Report, which defended its technology and efforts to curb misuse by customers.
The White House has raised concerns about NSO Group with senior Israeli officials, the Washington Post reported.