Researchers at Citizen Lab, a group specializing in digital security, said they discovered spyware linked to Israeli company NSO that exploited a newly discovered flaw in Apple devices.
The group explained in a statement that when it examined an Apple device belonging to an employee of a Washington-based civil society group last week, the flaw was used by the NSO-affiliated “Pegasus” spyware to infect the device.
Bill Marczak, a senior researcher at Citizen Lab, told Reuters, “Based on the forensic evidence we obtained from the targeted device, the indicators confirm with high confidence that NSO’s Pegasus spyware is responsible for the hacking activity.”
He pointed out that the attacker most likely made a mistake during installation, and Citizen Lab engineers discovered the spyware.
A hacking process called “BlastPass” is capable of hacking iPhone devices running the latest version of the iOS operating system (16.6) without the victim’s intervention, the Citizen Lab report said.
Citizen Lab immediately disclosed its findings to Apple, and confirmed that it would publish a detailed discussion of the exploit chain in the future.
Apple released updates to its systems related to the exploit chain, and Citizen Lab’s report urged everyone to update their devices immediately, adding that Apple’s security engineering team had assured them that the new updates would prevent this particular attack.
According to Citizen Lab, this latest discovery shows once again that civil society is being targeted by the most sophisticated exploits and sophisticated spyware.
The US government has blacklisted the Israeli company since 2021 due to alleged violations, including surveillance of government officials and journalists.
