Apple has released emergency software Patch on Monday (Sept. 13) after researchers at the University of Toronto’s Citizen Lab uncovered a vulnerability that could allow hackers to stealthily install spyware on Apple devices via iMessage without users’ knowledge.
Researchers found that the advanced form of spyware from Israeli security firm NSO Group called Pegasus can eavesdrop or steal data once installed on an Apple device – the spyware has been running for at least March.
Apple’s announcement came after the cybersecurity watchdog organization discovered an NSO spyware infection on the iPhone of a Saudi activist.
According to Citizen Lab, the “zero-click exploit” is a much sought-after tool that allows governments, law enforcement agencies, mercenaries and criminals to stealthily hack someone’s device without the victim’s knowledge. “This spyware can do anything an iPhone user can do on their device and more,” said John Scott-Railton, a senior researcher at Citizen Lab.
Continue reading: Seven years later, only 6% of people with iPhones in the US use Apple Pay in-store when they can
In a statement to USA Today, Ivan Krstić, head of Apple Security Engineering and Architecture, said that Apple “immediately developed and deployed a fix in iOS 14.8 to protect our users” after identifying the vulnerability created by the exploit was used for iMessage.
He added that “attacks like the one described are very sophisticated, cost millions of dollars to develop, often have a short shelf life, and are targeted at specific people.”
The Apple vulnerability is a sign that the cybersecurity arms race is escalating as activists and tech companies like Apple work to quickly fix vulnerabilities that allow government surveillance of citizens.
Related: Cybersecurity Tsar Richard Clarke tells PYMNTS ‘new mindset’ needed to win cyberwar
In a recent conversation with PYMNTS, Richard Clarke, former National Security and Counter-Terrorism Coordinator, said cyber threats are becoming more sophisticated and criminals used to have to act personally.
“When I was a kid, criminals robbed banks and had guns. Now they’re not even in the same country. You sit at a computer in Eastern Europe and you make a lot of money, ”said Clarke. And, as he added, the threat and scale of cybercrime has only gotten worse.
Last month, a T-Mobile hacker stole data from 50 million customers and described the company’s security as “terrible”. John Binns, a 21-year-old American who lives in Turkey, told the Wall Street Journal that he used an unprotected router to access the records.