Apple fixes latest iPhone security flaw exploited by cyber arms dealer
- Apple releases critical software patch to fix latest security vulnerability
- Hackers could infect iPhones and other Apple devices without any user action
A cyber surveillance company based in Israel developed a tool to break into Apple iPhones with a never-before-seen technique that has been in use since at least February, internet security watchdog group Citizen Lab said on Monday.
The discovery is important because of the critical nature of the vulnerability, which requires no user interaction and affects all versions of Apple’s iOS, OSX, and watchOS, except for those updated on Monday.
The tool developed by the Israeli firm, named NSO Group, defeats security systems designed by Apple in recent years.
Apple said it fixed the vulnerability in Monday’s software update, confirming Citizen Lab’s finding.
“After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users,” said Ivan Krstić, head of Apple Security Engineering and Architecture, in a statement. “Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.”
“While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data,” he added.
An Apple spokesperson declined to comment on whether the hacking technique came from NSO Group.
