Apple has released a software update for the iPhone that addresses a significant vulnerability that, according to some experts, has been exploited by surveillance software in order to eavesdrop on a Saudi human rights activist.
According to the researchers at the University of Toronto’s Citizen Lab, the software vulnerability has been present in the current version of iOS, which is iOS 14, since February. iMessage included a vulnerability that allowed hackers to circumvent security layers when a user clicked on a link within the messaging app.
As reported by the researchers, the vulnerability, tracked as CVE-2021-30860, was being exploited to target journalists and human rights activists in Saudi Arabia and other countries through the notorious surveillance software known as Pegasus, which was developed and sold by Israeli firm NSO Group and is used in many countries.
A study by Amnesty International rocked the globe earlier this year when it was revealed that various governments, including India, were using Pegasus to spy on prominent people in their own nations.
Researchers also stated that due to a weakness in the iOS operating system, it was simple to target the iPhone with this eavesdropping program. While Apple did not directly address the allegations, the issue was fixed as soon as they were made public by a security researcher.
Although Apple has yet to include the term “Pegasus” in its changelog for the security update, it describes surveillance attacks, such as those generated by Pegasus, as “very sophisticated.” According to Apple’s software support page, the impact of this software update will be as follows: “The processing of a maliciously designed PDF may result in the execution of arbitrary code. Apple has been made aware of a report claiming that this vulnerability has been actively exploited.” Citizen Lab researchers were credited with finding the iOS vulnerability, which was discovered by Apple.
According to Ivan Krstić, head of Apple Security Engineering and Architecture, “attacks like the ones mentioned are very complex, cost millions of dollars to create, frequently have a short shelf life, and are used to target specific persons.” “It is not a threat to the overwhelming majority of consumers,” he continued, referring to a vulnerability in the iPhone software developed by Apple. This is accurate, since Pegasus has been used by governments to eavesdrop on persons of high interest, such as journalists and human rights activists who frequently speak out against official policies.
The NSO Group has rejected the claims made by security experts and minimized the significance of Apple’s software patch.
A statement from the Israeli company said, “NSO Group will continue to deliver life-saving technology to intelligence and law enforcement organizations across the world in their efforts to combat terrorism and criminal activity.”
The NSO Group has stated a number of times that its Pegasus software is a tool to keep a watch on criminal and terrorist operations and to assist approved countries in combating these activities. However, researchers have asserted that they have discovered evidence of monitoring against journalists in virtually all of the cases they have investigated so far.
If you are an iPhone user, it is recommended that you update the software on your iPhone to iOS 14.8 as soon as possible. In a similar vein, iPad owners should upgrade their firmware to iPadOS 14.8 as soon as possible.