Cyber security researchers at Citizen laboratory discovered new spyware that infects Apple devices through iMessage. Victims are infected with a clickless exploit, which means spyware can affect your device even if you don’t open or download a message attachment. Apple advises All iPhone, Apple Watch, and Mac users to perform a software update to correct the problem.
Citizen Lab and Apple confirm that the spyware, called Pegasus, is a product of Israeli spyware company NSO Group. And yes, product is a key word here – Pegasus is regularly authorized by governments to monitor terrorists and potential criminals.
But today’s exploit was not discovered on a terrorist’s iPhone. Instead, it was discovered to infect the phone of a Saudi dissident, possibly a journalist or activist. This isn’t the first time governments (or powerful non-governmental organizations) have used Pegasus to track dissidents. Spyware infected the phone of a Mexican journalist two days before he was killed for investigating a cartel, and he was used to track associates of the murdered Washington Post reporter Jamal Khashoggi in Saudi Arabia.
NSO Group insists it follows strict human rights practices and only sells spyware to “legitimate” governments. He also claims that American citizens never get infected by Pegasus or other spyware developed by NSO.
Independently, Apple advises all its customers to update their iPhone, Mac or Apple Watch. The following devices are vulnerable to this exploit, according to Apple:
To note: All iPhones with iOS versions prior to 14.8, all Mac computers with operating system versions prior to OSX Big Sur 11.6, Catalina security update 2021-005, and all Apple watches prior to watchOS 7.6. 2.
You can update your iPhone or Mac from its settings. To update your Apple Watch, install the latest version of iOS on your iPhone, open the Apple Watch app, tap the My Watch tab, open General, and go to Software Update.