Apple users are being encouraged to update their devices after researchers discovered a security flaw that could allow hackers to secretly install spyware without targets knowing.
The researchers were examining the phone of a Saudi activist when they discovered the exploit, and subsequently shared their findings with Apple.
According to Citizen Lab, researchers found that in some cases, NSO Group’s Pegasus malware infected targeted Apple devices without the users taking any action—what’s known as a zero-click vulnerability. The malware enables hackers to gather a target’s personal information and to listen in on and read calls and messages.
“CISA is aware of public reporting that these vulnerabilities may have been exploited in the wild,” it said.
The speed with which Apple was seeking to find a solution to its operating system’s vulnerability highlighted the “absolute seriousness” of the Citizen Lab’s findings, researchers said.
NSO Group was the focus of recent reports by a media consortium that found the company’s spyware tool Pegasus was used in several instances of successful or attempted phone hacks of business executives, human rights activists, and others around the world.
Those investigations, based on leaked data obtained by the Paris-based journalism nonprofit Forbidden Stories and the human rights group Amnesty International, sparked widespread condemnation of the company.
In July, some 1,000 protesters in Hungary’s capital demanded answers to allegations that the country’s government used Pegasus to secretly monitor critical journalists, lawyers, and business figures. India’s parliament also erupted in protests as opposition lawmakers accused Prime Minister Narendra Modi’s government of using NSO Group’s product to spy on opponents and others.
The group in a statement to multiple news outlets didn’t address the allegations, but said it will “continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime.”
The Epoch Times has contacted NSO Group for additional comment.
Apple on Monday, without mentioning NSO Group, issued a patch seeking to fix the vulnerability.
“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” Krstić added, noting that the exploit will not affect “the overwhelming majority of our users.”
Last month, human rights experts working with the United Nations called on countries to pause the sale and transfer of spyware and other surveillance technology until governments “put in place robust regulations that guarantee its use in compliance with international human rights standards.”