Apple has released an urgent update for its iPhone software that addresses a critical vulnerability that has already been exploited by notorious surveillance software, according to independent researchers.
CNN reports that researchers from the University of Toronto’s Citizen Lab have said the exploit has been in use since February and has been used to deploy the so-called ‘Pegasus’ spyware, made by the Israeli firm NSO Group, which has allegedly been used to gather information from journalists and human rights advocates in several countries.
The urgent update issued by Apple fixed a flaw in the iMessage software that was allowing hackers to infiltrate a user’s phone without the user clicking on any links, according to Citizen Lab. Apple has since credited the Citizen Lab researchers for discovering the security flaw.
“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” said Ivan Krstic, head of Apple Security Engineering and Architecture, in a statement.
While Krstic said that the vulnerability is “not a threat to the overwhelming majority of our users,” Apple has rapidly addressed the issue with a software fix. Security experts are still encouraging users to update their mobile devices for protection.
The NSO Group did not address the allegations, only saying in a statement seen by CNN, “NSO Group will continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime.”
NSO Group claims that its software is only sold to vetted customers for counterterrorism and law enforcement purposes.
Researchers, however, dispute these claims, having found multiple cases in which the spyware was deployed on dissidents and journalists. In 2019, Citizen Lab analysts alleged that Pegasus was installed on the phone of the wife of a murdered Mexican journalist; the journalist was believed to have been found by his killers using the NSO technology.