TECH NEWS – Apple has released a software patch to block so-called “zero-click” spyware that infects iPhones and iPads. The problem affects all of the tech giant’s operating systems, according to researchers.
Independent researchers identified the flaw, which allows hackers to access devices via the iMessage service even if users do not click on a link or file. Apple said it issued the security update in response to a “maliciously edited” PDF file. The University of Toronto’s Citizen Lab, which first drew attention to the problem, has previously found evidence of zero-click spyware, but “this is the first where we’ve been able to fix the exploit so we can find out how it works,” said researcher Bill Marczak.
The researchers said the previously unknown vulnerability affects all major Apple devices, including iPhones, Macs and Apple Watches. Citizen Lab also said that the vulnerability was exploited to install spyware on the iPhone of a Saudi activist, adding that an Israeli company called NSO Group is most likely behind the attack.
In a statement to Reuters news agency, NSO neither confirmed nor denied that it was behind the spyware, saying only that it “continues to provide life-saving technologies to intelligence and law enforcement agencies worldwide in the fight against terrorism and crime”.
Security experts say that although the revelation is significant, most users of Apple devices should not be overly concerned as such attacks are usually very targeted. In a blog post, Apple said that it released software patches for iOS 14.8 and iPadOS 14.8 after becoming aware of a report that the flaw could have been “actively exploited”.
The announcement came as the tech giant was preparing to unveil new devices at its annual launch event on Tuesday. The company is expected to unveil new iPhones as well as updates to AirPods and Apple Watch.
Apple’s iMessage is one of the world’s most secure messaging apps, but it had a dangerous weakness that a hacking team found and exploited. The news embarrasses Apple, which prides itself on offering a safe and secure system. The revelation is also potentially a further blow to the reputation of the NSO Group, which is still suffering from allegations of widespread hacking attacks on innocent people for espionage purposes.
It also highlights once again that no tool is completely safe if a determined, well-funded team wants to hack it. The excellent advice from all quarters is for iOS users to update their devices’ security software as soon as possible to patch the vulnerability. But for the vast majority of users, the risk of becoming a target of this expensive and highly skilled hacking program is low.
Source: BBC News