Sep 13, 2021 - Technology

Apple releases emergency security update to block spyware vulnerability

Apple store front. Photo: Wang Gang/VCG via Getty Images

Apple released emergency security updates Monday after it was discovered that an Israeli cyber surveillance company's spyware could infect iPhones and other devices without the owner even clicking on a link.

Why it matters: The fix to the intrusion by the NSO Group's Pegasus software came the day before Apple is expected to introduce its latest crop of iPhones. The company touts the security and privacy of its smartphones among its key selling points.

The big picture: The security flaw was discovered by researchers at watchdog group Citizen Lab, which found that the phone of a Saudi political activist had been infected with the Pegasus spyware via iMessage.

  • The device had been hacked using a "zero-click" method that had allowed the spyware to live on the Saudi's phone since February without detection, according to the Washington Post.
  • The same security flaw would enable the software to infect other Apple iPhones, watches and MacBooks, per the Post.

An Apple spokesperson told the New York Times that the company is planning to add new spyware barriers to its next software update, due out later this year.

  • Apple's security team has been "working around the clock to develop a fix," the Times writes.

What they're saying: "After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users," said Ivan Krstić, head of Apple Security Engineering and Architecture, in a statement.

  • "Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.
  • "While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data."

Be smart: "Users of mobile and computing platforms need to make checking for security updates a part of their weekly, if not daily routine," wrote Steve Turner, an analyst at the tech consulting firm Forrester, in a note emailed to Axios.

State of play: The NSO Group's Pegasus software made news earlier this summer after an international consortium of investigative journalists revealed it had become a valuable tool for governments to spy on journalists and critics.
