Following new findings of major spyware vulnerability, Apple has issued emergency security updates to its iOS, MacOS, and WatchOS products.
According to The Hill, researchers at Citizen Lab describe the spyware as a “zero-day zero-click exploit” software targeted against iMessage specifically.
“This spyware can do everything an iPhone user can do on their device and more,” John-Scott Railton, a senior researcher at Citizen Lab, told The New York Times on Monday. The vulnerability has allowed an Israeli company called NSO Group to infect Apple products with spyware. Citizen Lab made these findings last week, prompting Apple to issue immediate updates to its iOS devices in order to combat the spyware.
NSO Group has not recognized Citizen Lab’s findings. A spokesperson for the group told The Hill in a statement Monday that “NSO Group will continue to provide intelligence and law enforcement agencies around the world with life saving technologies to fight terror and crime.”
Citizen Lab researchers discovered the vulnerability and the NSO Group spyware program while studying the phone of a Saudi Arabian activist that they believed had already gotten infected by it. Researchers found that the vulnerability targeted the Apple image rendering library and allowed NSO Group to remotely infect and exploit the user’s device and personal information.
NSO Group has been accused of using spyware to hack into devices in the past as well. The FBI has investigated the group for human rights and privacy abuse, and WhatsApp accused them in 2019 of allowing its spyware to be used by governments to target high-ranking officials.
Apple suggests that iOS users update their devices immediately to be protected against the new spyware.