It was discovered during a second examination of the phone, which forensics showed had been infected in March. Malicious image files were transmitted to the activist’s phone via the iMessage instant-messaging app before it was hacked with NSO’s Pegasus spyware, which opens a phone to eavesdropping and remote data theft, Marczak said.
“This is the first one where the exploit has been captured so we can find out how it works,” said Marczak.
Although security experts say that average iPhone, iPad and Mac users generally need not worry - such attacks tend to be highly targeted - the discovery still alarmed security professionals. “We’re not necessarily attributing this attack to the Saudi government,” said researcher Bill Marczak.
Citizen Lab previously found evidence of zero-click exploits being used to hack into the phones of al-Jazeera journalists and other targets, but hasn’t previously. They said they had high confidence the Israeli company NSO Group was behind the attack, adding that the targeted activist asked to remain anonymous. It was the first time a so-called “zero-click” exploit - meaning that it didn’t require users to click on suspect links or open infected files - had been caught and analyzed, said the researchers. NSO Group responded with a one-sentence statement saying it will continue providing tools for fighting “terror and crime.” The previously unknown vulnerability affected all major Apple devices - iPhones, Macs and Apple Watches, the researchers said.