Apple Inc., the American multinational smartphone manufacturer, has reportedly rolled out an emergency software update to patch a security flaw after it was discovered that it allowed a prominent spyware, associated with the infamous Israel-based NSO Group, to infect a Mac computer, iPhone, or Apple Watch without the user having to interact with the device.
According to reliable sources, the malware was discovered on the phone of a yet unidentified Saudi Arabian activist by Citizen Lab, a Canadian internet security monitor.
This is the first time a "zero-click" security flaw has been discovered and analyzed. This exploit allows an attacker to effectively hack a device without needing the victim to click on anything, this means that there was virtually no chance to detect the cyberattack.
The phone is believed to have been hacked in February, but the researchers detected the dangerous malware on September 7 and promptly notified Apple.
Ivan Krstic, the head of Apple's security engineering and architecture, stated that after identifying the security flaw utilized by the exploit for iMessage, Apple quickly created and rolled out a patch in iOS 14.8 to protect the company’s consumers.
Krstic also explained that these type of attacks are highly complex and require an immense amount of capital, usually in millions to develop. They also have a short lifespan and are utilized to target specific people.
While this means they do not pose a threat to the vast majority of Apple users, the firm continues to work diligently to safeguard all of its customers. Apple is continuously implementing additional security to users' devices and data.
Bill Marczak, a researcher at Citizen Lab, stated that there is a significant probability that the cyberattack was carried out by the Israeli surveillance company, NSO Group. However, it is not being necessarily attributed to the Government of Saudi Arabia.
According to credible sources, NSO neither confirmed nor refuted its involvement in the technique, simply stating that it will continue to deliver life-saving technology to law enforcement and intelligence organizations throughout the world in the fight against terrorism and crime.
Source credit: https://news.sky.com/story/apple-issues-emergency-software-update-after-discovery-of-zero-click-malware-12407471