Apple Rushes 14.8 Update To Block Pegasus' Zero-Click Exploit
The exploit was first discovered by Toronto's Citizen Lab, while analysing the iPhone of a Saudi activist who was a victim of a Pegasus attack.
Apple issued a series of emergency software updates on Monday to block the vulnerability used by the Pegasus spyware to target iPhone users, and compromise their devices.
Pegasus, made by Israel's NSO Group, used a zero-day zero-click exploit with iPhone's iMessage service, which enabled them to take full control of the devices, including its cameras, microphones and data, without a single click from the user.
The exploit was first discovered by University of Toronto's Citizen Lab, while analysing the iPhone of a Saudi activist who was a victim of a Pegasus attack.
According to Citizen Lab, Pegasus allows root privileges to the hacker, which means it can have more access on the device than the user. The researchers also said that this vulnerability affected most Apple devices, including iPhones, Macs and Apple Watches.
Apple, which had built a reputation in the tech industry for providing high levels of digital security, had taken a severe blow following the discovery of the zero-day hack. Its hurried announcement of a new software patch comes one day before the company is set to unveil new devices at its annual launch event on September 14.
Pegasus In India
This makes the 12 million-and-more iPhone users in India open to potential hacking through Pegasus.
Previously, The Wire, along with a consortium of media organisations, had reported how a number of people including journalists, activists, lawyers, politicians and even medical researchers in India were part of a list of people of interest for NSO's clients, making them potential candidates for spying through Pegasus.
Until date, the government has not denied its use of Pegasus, while providing highly vague statements to dodge an official confirmation of the use of spyware in India on civilians.
Just ahead of Apple's launch of the updates, the Supreme Court reserved its verdict on a batch of pleas seeking a court-monitored probe in the alleged use of Pegasus against a top court judge (since retired) and staff registry, members of the Opposition, journalists, civil rights activists, and businessmen, among others.
The Centre told the top court that it cannot provide a public confirmation or denial on the use of Pegasus, citing that it will alert terror groups.
Apple Confirms Citizen Lab Report
Apple said in a blogpost that it identified the flaw through a 'maliciously crafted PDF' after becoming aware of a report that this issue "may have been actively exploited", thus confirming Citizen Lab's findings.
The update is currently available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
"Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life and are used to target specific individuals," Ivan Krstić, head of Apple Security Engineering and Architecture, said in a statement on Monday. Krstić also commended Citizen Lab for its investigation on the spyware and discovering the exploit, and urged every user to go for the update.