The malware was found on the phone of a Saudi activist. It is not clear how many other users may have been infected, but experts say the device was able to spy on its user, without them knowing
Image: Getty Images)
Apple has issued an urgent software update following the discovery of a malware that can infect devices without users clicking on anything.
Internet security watchdog group Citizen Lab yesterday announced it found a flaw, attributed to Israel’s NSO Group, that allows an attacker to hack into a device making the user unable to spot it.
The malware was found on the phone of a Saudi activist and discovered on September 7 by researchers who immediately alerted Apple.
Citizen Lab said the phone had been infected with spyware in February and at the moment it is not clear how many other users may have been infected.
Researcher Bill Marczak said there was high confidence that Israeli surveillance firm NSO Group was behind the attack.
Experts said the average user should not be too concerned as similar attacks tend to be highly targeted, but the security issue was alarming.
Mr Marczak said the malicious files were put on the Saudi activist’s phone via the iMessage app before the phone was hacked with NSO’s Pegasus spyware.
The way the attack happened meant that the phone was able to spy on its user, without them even knowing.
SOPA Images/LightRocket via Getty Images)
Citizen Lab researcher John Scott-Railton said: “Popular chat apps are at risk of becoming the soft underbelly of device security. Securing them should be top priority.”
Apple has since released an update for users, with a security note for iOS 14.8 and iPadOS 14.8 saying: “Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.”
It also released WatchOS 7.6.2, MacOS Big Sur 11.6 as well as a security update for MacOS Catalina to address the vulnerability, the Irish Mirror reports.