HIGHLIGHTS

  • Apple has released an important software update for the iPhone.
  • The software brings a fix for an exploit that was used by the Pegasus tool for spying.
  • Apple also said that the vulnerability did not impact the majority of iPhone users.

Apple has rolled out a software update for the iPhone that patches a critical vulnerability, which, according to some researchers, has been exploited using surveillance software to snoop on a Saudi activist. The software exploit has been in the current version of iOS, which is iOS 14, since February, the researchers at the University of Toronto’s Citizen Lab have claimed. The exploit existed in iMessage and allowed hackers to bypass security layers when the user clicked on any link.

According to the researchers, the exploit, called CVE-2021-30860, was being used to target journalists and human rights activists in Saudi Arabia and other countries through the notorious surveillance software called Pegasus developed and sold by Israeli firm NSO Group. Earlier this year, an investigation by Amnesty International shook up the world after it was reported that multiple governments were using Pegasus to snoop on prominent people in their countries, including India. Researchers also said that it was easy to target the iPhone through this snooping software because of the vulnerability in iOS. Apple did fix the vulnerability right after the claims were made, although it did not explicitly mention them.

Apple is still not using the word “Pegasus” in its changelog for the security update, but it calls surveillance attacks such as those carried out with Pegasus “highly sophisticated”. On its software support website, Apple describes the impact of the patched issue as: “Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” It has credited the researchers of Citizen Lab for discovering the exploit in iOS.

“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” Ivan Krstić, head of Apple Security Engineering and Architecture, said. He added that the vulnerability in Apple’s iPhone software “is not a threat to the overwhelming majority of users.” That is conveniently true because Pegasus has been used by governments to spy on people of high interest, including journalists and human rights advocates who often speak against state policies.

NSO Group denied the allegations made by security researchers and downplayed Apple’s software fix. “NSO Group will continue to provide intelligence and law enforcement agencies around the world with life saving technologies to fight terror and crime,” the Israeli firm said in a statement. NSO Group has argued time and again that its Pegasus software is a tool to keep a check on criminal and terrorist activities and help vetted governments eradicate them. But in nearly all cases so far, researchers have claimed evidence of surveillance against journalists.

If you are an iPhone user, you are advised to immediately update the software on your iPhone to iOS 14.8. Similarly, iPad users should also update the software to iPadOS 14.8 right away.

Author

India Today
