WASHINGTON: Researchers at the digital watchdog group Citizen Lab have unveiled a significant security flaw in Apple devices, which they claim was exploited by spyware linked to the Israeli firm NSO Group. This revelation comes as a major concern for Apple users and digital security experts alike.
Citizen Lab made this discovery while inspecting an Apple device belonging to an employee of a Washington-based civil society organization last week. During their investigation, they determined that the flaw had been used to infect the device with NSO’s infamous Pegasus spyware.
Bill Marczak, a senior researcher at Citizen Lab, stated, “We attribute the exploit to NSO Group’s Pegasus spyware with high confidence, based on forensics we have from the target device.” Marczak also suggested that the attacker may have made an installation error, leading to the discovery of the spyware.
According to Citizen Lab, Apple confirmed that utilizing the high-security feature known as “Lockdown Mode” available on Apple devices effectively blocks this particular attack.
John Scott-Railton, another senior researcher at Citizen Lab, emphasized the critical role of civil society in serving as an early warning system against highly sophisticated cyberattacks. However, Citizen Lab did not provide specific details regarding the affected individual or the organization involved.
Vulnerability of Apple Devices’ Users
The identified flaw allowed for the compromise of iPhones running the latest version of iOS (16.6) without requiring any interaction from the victim. Fortunately, Apple has since addressed this vulnerability with a new software update.
Apple swiftly responded to Citizen Lab’s findings by issuing updates across its range of devices. An Apple spokesperson refrained from providing further comments on the matter, while Citizen Lab urged consumers to promptly update their devices to safeguard against such threats.
NSO Group, the Israeli firm at the center of this controversy, is no stranger to controversy. It has been blacklisted by the US government since 2021 over allegations of abuses, including surveillance of government officials and journalists. In response to these recent allegations, NSO stated, “We are unable to respond to any allegations that do not include any supporting research.”
