The American company “Apple” was forced to fix a security vulnerability that was exploited by the Israeli “Pegasus” program to hack iPhones, despite all the security measures on the American company’s devices.
This spyware, developed by the Israeli company NSO, was able to hack Apple devices without resorting to booby-trapped links or clicks, which is the method usually used to carry out activities of this kind.
The flaw was spotted last week thanks to researchers from the Citizen Lab group, who discovered that the iPhone of a Saudi activist had been hacked by Apple's iMessage chat service.
The University of Toronto's cybersecurity group reported that Pegasus has been exploiting this flaw "since at least February 2021".
It revealed that this problem “affects the collection of images in Apple, targeting its operating systems for Mac computers and smart watches.”
Apple's director of security systems, Ivan Krstic, said in response that, "Apple quickly developed, upon being informed of the bug, a solution to bridge the gap in iOS 14.8 in order to protect users."
The American group praised the efforts of "Citizen Lab", noting that this type of attack is "highly sophisticated...it costs millions of dollars and does not last long and is used to target specific people."
These attacks do not represent a “threat to the vast majority of users,” according to Krstic, who pledged to “continue to work tirelessly to defend our customers.”
In its turn, NSO did not confirm or deny that it was behind this technology, and only said that it would continue to provide intelligence and law enforcement agencies around the world with what it called "rescue technologies to combat terrorism and crime."
The success of the attack does not require any click from the targeted victim. Researchers said they did not believe there was any visible indication of a breach.
The vulnerability lies in how to automatically extract images in the Apple Messages application (iMessage). iMessage has been repeatedly targeted by NSO and other cyber attackers, prompting Apple to update its architecture. But this did not fully protect the system.
How do you update the system?
You can update your iPhone, iPad or iPad touch to the latest version of iOS or iPadOS through wireless connection.
If you see a message that an update is available, tap “Install” to update now. Or you can tap Later, then choose Install Tonight or Remind Me Later. If you hit Install Tonight, just plug the device into power at night. The device will update automatically over the course of the night.
You can also follow these steps:
1- Plug the device into a power source and connect it to the Internet via Wi-Fi. 2- Go to “Settings” > “General”, then click on “Software Update”. 3- Click on “Install Now”. If you see "Download and Install" instead, tap to download the update, enter your passcode, and tap "Install now."