On Thursday, researchers from Citizen Lab, a digital watchdog group, reported the discovery of spyware that has been attributed to the Israeli firm NSO. This spyware takes advantage of a recently identified vulnerability in Apple devices.
In a recent statement, Citizen Lab reported that during the examination of an Apple device belonging to an employee of a civil society group based in Washington, they discovered evidence of a flaw being exploited to introduce NSO’s Pegasus spyware onto the device.
According to Bill Marczak, a senior researcher at Citizen Lab, a research organization affiliated with the University of Toronto’s Munk School of Global Affairs and Public Policy, we have a strong level of confidence in attributing the exploit to NSO Group’s Pegasus spyware. This attribution is based on the forensics we have obtained from the targeted device.
According to his statement, it is believed that the attacker may have committed an error during the installation process, leading to the detection of the spyware by Citizen Lab.
According to Citizen Lab, Apple has verified that the utilization of the robust security feature known as “Lockdown Mode” on Apple devices effectively mitigates this specific attack.
John Scott-Railton, a senior researcher at Citizen Lab, stated that this demonstrates the role of civil society in functioning as an early warning system for highly advanced attacks.
Citizen Lab refrained from disclosing additional information regarding the individual or organization impacted.
According to the digital watchdog, a vulnerability was identified that enabled unauthorized access to iPhones running the most recent version of iOS (16.6), without requiring any action from the user. The latest update addresses the identified vulnerability.
Apple has released new software updates for its devices following a thorough investigation into the reported vulnerabilities by Citizen Lab. A representative from Apple declined to provide any additional statements, while Citizen Lab advised consumers to promptly update their devices.
The NSO has issued a statement indicating that they are unable to address allegations that lack supporting research.
The Israeli firm has been placed on the U.S. government’s blacklist since 2021 due to allegations of misconduct, which include the surveillance of government officials and journalists.