Researchers at the digital watch group ‘Citizen Lab’ said they found spyware linked to the Israeli company NSO, which exploited a newly discovered bug in Apple’s devices.
The group said in a statement that while examining the Apple device of an employee of a civil society group in Washington last week, it was found that the bug had been used to infect the device with NSO’s Pegasus spyware.
“The indications confirm with high confidence the responsibility of NSO’s Pegasus spyware for the hacking operation, based on the forensic evidence we obtained from the target device,” Bill Marczak, senior researcher at Citizen Lab, told Reuters:
Marczak noted that the hacker likely made a mistake during the installation, and that’s how Citizen Lab’s engineers found the spyware.
Israeli Pegasus Spyware Found on Prominent Human Rights Activists’ Phones in Bahrain, Jordan
Blastpass
The Citizen Lab statement said that the hack, known as Blastpass, was capable of hacking iPhones running the latest version of iOS 16.6 without any intervention from those whose devices are being hacked.
Citizen Lab immediately revealed its findings to Apple and confirmed that it would publish more detailed reports on the future exploitation chain.
Apple released updates to its systems related to the exploit chain, Aljazeera Net reported.
From Pegasus to Blue Wolf: How Israel’s ‘Security’ Experiment in Palestine Became Global
What to Do
For its part, the statement by Citizen Lab urged everyone to update their devices immediately, stating that Apple’s security engineering team assured them that the new updates prohibit this particular cyber attack.
It read, in part,
“We urge everyone to immediately update their devices.
“We encourage everyone who may face increased risk because of who they are or what they do to enable Lockdown Mode.
“We believe, and Apple’s Security Engineering and Architecture team has confirmed to us, that Lockdown Mode blocks this particular attack.
“We commend Apple for their rapid investigative response and patch cycle, and we acknowledge the victim and their organization for their collaboration and assistance.”
The US government has blacklisted the Israeli company since 2021 for its repeated abuses, including surveillance of government officials and journalists.
(PC, AJA)
