Spying software from the Israeli company NSO Group used the leak to infect iPhones, iPads, Apple Watch watches and Apple computers with spyware. With the latest update that Apple offers today, the leak is closed.
The leak was revealed Monday by Citizen Lab, a cyber research unit at the University of Toronto. They discovered that a Saudi activist’s iPhone was infected with Pegasus, a spyware developed by NSO Group. That spyware has already been used to spy on journalists and human rights activists.
In the case of the Sudanese activist, the leak was used to install the same software. That vulnerability could be exploited if users of the messaging app received a PDF file, which Apple describes as a “maliciously edited” file.
The leak was a so-called “zero-day” vulnerability, a term that refers to newly discovered bugs that hackers can exploit that have not yet been patched. Victims did not have to click on the malicious file to infect their devices, something known as a “zero-click” attack.
According to Citizen Lab, the issue highlights that chat apps are the most vulnerable when it comes to device security. “They’re ubiquitous, which makes them very attractive, so they’re an increasingly common target for hackers,” said John Scott-Railton, senior researcher at Citizen Lab. According to him, the apps should be a major security priority. “Reducing the attack surface of chat apps will help make all of our devices more secure.”
NSO said in a statement that the company “will continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime.”
New Apple Products
The update that closes the leak will be offered the day Apple announces new products. Apple is expected to unveil a new iPhone, new Apple Watch and new Airpods.
There, Apple will probably also initiate the release of the iOS 15 operating system, which will include additional security.