Apple has closed a security hole that experts believe can be used to spy on messages on iPhones and other devices. Researchers from Citizen Lab said they discovered the vulnerability while analyzing the phone of a Saudi Arabian activist. The device was infected with the monitoring software “Pegasus” from the Israeli company NSO, Citizen Lab reported on Monday.
Apple released software updates for iPhones and iPads on Monday to close the security gap. For the protection to take effect, the updates must be installed by the users. Citizen Lab estimates that the vulnerability has been exploited since at least February 2021.
The vulnerability is a so-called zero-day. This is the name given to vulnerabilities that are known neither to the software provider nor to the general public and can therefore be used clandestinely. Among other things, they are specifically sought out by secret services and used for surveillance measures. Such weak points are therefore considered particularly valuable and are usually used in a highly targeted way against individual persons.
According to Apple, the vulnerability can be exploited with the help of a prepared PDF file. Citizen Lab had reported the security gap to the company last week.
NSO last came under criticism in mid-July. An international journalist consortium reported that opposition members and reporters had also been spied on with the “Pegasus” software. At that time it was said that traces of successful or attempted attacks had been discovered on 37 smartphones belonging to journalists, human rights activists, their family members and business people.
As with previous similar allegations, NSO countered that Pegasus was “only sold to law enforcement and intelligence agencies of audited governments with the sole aim of saving lives by preventing crime and acts of terrorism.”