Apple has updated its software for iPhones to address a critical vulnerability that independent researchers say has been exploited by notorious surveillance software to spy on a Saudi activist. Researchers from the University of Toronto’s Citizen Lab said the software exploit has been in use since February and has been used to deploy Pegasus, the spyware made by Israel firm NSO Group that has allegedly been used to surveil journalists and human rights advocates in multiple countries.
The urgent updates released by Apple released plugs a hole in the iMessage software that allowed hackers to infiltrate a user’s phone without the user clicking on any links, according to Citizen Lab. The Saudi activist chose to remain anonymous, Citizen Lab said. Apple credited the Citizen Lab researchers for finding the vulnerability. Ivan Krstić, Head of Apple Security Engineering and Architecture, said in a statement. “Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” Krstić said Apple rapidly addressed the issue with a software fix and that the vulnerability is “not a threat to the overwhelming majority of our users.” Still, security experts advise users to update their mobile devices for protection.
