Digital watchdog group Citizen Lab has uncovered a significant security breach involving the Israeli cybersecurity firm NSO Group and Apple devices. The discovery centres around the exploitation of a newly discovered flaw in Apple devices, allowing for the installation of NSO's infamous Pegasus spyware.
Citizen Lab, based at the University of Toronto's Munk School of Global Affairs and Public Policy, reported their findings after inspecting the Apple device of an employee affiliated with a Washington-based civil society group. Their analysis confirmed that the flaw had been utilised to compromise the device with NSO Group's Pegasus spyware.
Bill Marczak, a senior researcher at Citizen Lab, expressed high confidence in attributing the exploit to NSO Group's Pegasus spyware, based on forensics obtained from the affected device. Interestingly, the discovery was made because the attacker appeared to have made an installation mistake, inadvertently leading to the identification of the spyware.
Citizen Lab underscored the importance of Apple's "Lockdown Mode," a high-security feature available on Apple devices, which effectively blocks the attack in question.
While the Citizen Lab statement did not disclose specific details about the affected individual or the organisation involved, it did emphasise that the vulnerability was capable of compromising iPhones running the latest iOS version, 16.6, without any interaction from the device owner. Apple, in response to Citizen Lab's findings, promptly issued new updates to patch the vulnerability and urged consumers to update their devices.
(Inputs from Reuters)