advertisement
After spyware researchers at Citizen Lab discovered a malicious code used to attack iPhones through iMessage, United States (US) tech giant Apple offered a fix to prevent the Pegasus exploit for their users on Monday, 13 September, a report by The Washington Post said.
The list of numbers provided by France-based media non-profit, Forbidden Stories, and Amnesty International included names of journalists, human rights activists as well as opposition government leaders around the world.
The hack was discovered on an iPhone owned by a Saudi activist, however, the researchers have declined to name them. Further, Citizen Lab did not reveal which probable NSO governmental client deployed Pegasus against the activist.
According to researchers, the technique used to gain secret access to Apple iPhones, MacBooks and Apple Watches has been active since February and is called a “zero-click attack”.
By infiltrating through iMessage, FORCEDENTRY can transform the phone into a snooping device, activating cameras, microphones, and giving the client access to the location data, messages, call logs, and even emails of the targeted person.
However, speaking of the discovery, a researcher for Citizen Lab John Scott-Railton reportedly stated, “We wouldn’t have discovered this exploit if NSO’s tool wasn’t used against somebody they shouldn’t be targeting."
In a document on security content of iOS 14.8, Apple said, “Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.”
Head of Apple security engineering and architecture Ivan Krstić thanked Citizen Lab in an email, and lauded them for "successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly.”
The email added, "Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”
(With inputs from The Washington Post.)
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)