Overnight between Monday and Tuesday, Apple advised all users of its products to update their operating systems, after the cyber company Citizen Lab disclosed a dramatic security vulnerability. According to Citizen Lab’s publication, the vulnerability was discovered after it was exploited by the Israeli company NSO, the developer of the Pegasus spyware, to track an anonymous Saudi activist.
As mentioned, the American technology giant has released an urgent software update to address the vulnerability, which makes it possible to take control of almost any Apple computer, Apple Watch or iPhone. The flaw is in the iMessage messaging software and allowed attackers to break into these devices without users having to click on a link or take any other action. It has also been reported that it allows attackers to steal various data, including passwords, and to remotely activate the device’s microphone and camera.
“It’s definitely scary,” said John Scott-Railton, a senior researcher at The Citizen Lab, who recently discovered the vulnerability and reported it to Apple. Ivan Krstić, head of Apple’s security engineering and architecture, explained that “such attacks are particularly sophisticated, carry millions of dollars in development costs, usually have a short shelf life and are used by specific people.” According to him, the company dealt with the issue quickly by updating the software, and the vulnerability does not pose a threat to the vast majority of users. However, the recommendation now is to install the software updates for macOS, iOS and watchOS.
The Israeli company NSO declined to comment on the specific allegations, telling Reuters: “We will continue to provide life-saving intelligence and influence technologies to intelligence and law enforcement agencies around the world.”
Ido Naor, CEO and owner of Security Joes, explained the type of hack in question: “The concept was taken from the operation – zero clicks. That is, the attacked victim does not intervene in the attack at all. For example, in a phishing attack there are clicks that the victim has to make, such as clicking on a link, entering details and so on. Zero Click is basically an attack that does not require any user intervention at all. You could say there are a lot of attacks of this kind, but that is not the intention. Intrusion into a website, too, does not require user intervention – but of course there is no connection between the two.”