Apple Rushes 14.8 Update To Block Pegasus' Zero-Click Exploit

The exploit was first discovered by Toronto's Citizen Lab, while analysing the iPhone of a Saudi activist who was a victim of a Pegasus attack.

Apple issued a series of emergency software updates on Monday to block the vulnerability used by the Pegasus spyware to target iPhone users, and compromise their devices.

Pegasus, made by Israel's NSO Group, used a zero-day, zero-click exploit in the iPhone's iMessage service, which enabled its operators to take full control of a device, including its cameras, microphones and data, without a single click from the user.

The exploit was first discovered by University of Toronto's Citizen Lab, while analysing the iPhone of a Saudi activist who was a victim of a Pegasus attack.

According to Citizen Lab, Pegasus gives the attacker root privileges, which means the attacker can have more access to the device than the user. The researchers also said that this vulnerability affected most Apple devices, including iPhones, Macs and Apple Watches.

Apple, which had built a reputation in the tech industry for providing high levels of digital security, had taken a severe blow following the discovery of the zero-day hack. Its hurried announcement of a new software patch comes one day before the company is set to unveil new devices at its annual launch event on September 14.

Pegasus In India

This makes the 12 million-and-more iPhone users in India open to potential hacking through Pegasus.

Previously, The Wire, along with a consortium of media organisations, had reported how a number of people including journalists, activists, lawyers, politicians and even medical researchers in India were part of a list of people of interest for NSO's clients, making them potential candidates for spying through Pegasus.

To date, the government has not denied its use of Pegasus, while providing highly vague statements to dodge an official confirmation of the use of spyware in India on civilians.

Just ahead of Apple's launch of the updates, the Supreme Court reserved its verdict on a batch of pleas seeking a court-monitored probe into the alleged use of Pegasus against a top court judge (since retired) and staff registry, members of the Opposition, journalists, civil rights activists, and businessmen, among others.

The Centre told the top court that it cannot provide a public confirmation or denial on the use of Pegasus, saying that doing so would alert terror groups.

Apple Confirms Citizen Lab Report

Apple said in a blogpost that it identified the flaw through a 'maliciously crafted PDF' after becoming aware of a report that this issue "may have been actively exploited", thus confirming Citizen Lab's findings.

The update is currently available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

"Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life and are used to target specific individuals," Ivan Krstić, head of Apple Security Engineering and Architecture, said in a statement on Monday. Krstić also commended Citizen Lab for its investigation into the spyware and for discovering the exploit, and urged every user to install the update.

Updated On: 2021-09-14T19:10:34+05:30