Apple released emergency security updates Monday after it was discovered that the Israeli cyber intelligence firm NSO Group’s Pegasus spyware could infect iPhones and other devices without even a click.
Why it matters: The fix comes a day before the company is expected to introduce its latest crop of iPhones at a press event. The company touts the security and privacy of its smartphones as among its key selling points.
The big picture: The security flaw was discovered by researchers at Citizen Lab, who found that the phone of a Saudi activist had been infected with the Pegasus spyware via iMessage.
The device had been hacked via a “zero-click” method through iMessage that allowed the spyware to remain on the activist’s device since February without detection, according to the Washington Post. The same security flaw would allow the software to infect other Apple iPhones, watches, and MacBooks, per the Post.
An Apple spokesperson told the New York Times that it is planning to add new spyware barriers to its next software update, due out later this year.
Apple’s security team has been “working around the clock to develop a fix since Tuesday,” the Times writes.
What they’re saying: “After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users,” said Ivan Krstić, head of Apple Security Engineering and Architecture, in a statement.
“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”
Be smart: “Users of mobile and computing platforms need to make checking for security updates a part of their weekly, if not daily routine,” wrote Steve Turner, an analyst at the tech consulting firm Forrester, in a note emailed to Axios.
State of play: NSO Group’s Pegasus software made news earlier this summer after an international consortium of investigative journalists revealed it had become a valuable tool for governments to spy on journalists and critics.