Apple fixes the flaw that exposes iPhones to espionage risk

Time: 05/Apr By: kenglenn 774 Views

AGI - Apple has released the update that corrects a weakness in its operating system for iPhone, Mac and Apple Watch and allows for the installation of spyware. The flaw that would be the one used by hackers to directly infect iPhones and other Apple devices without any action from the user.

"This update provides important security improvements and is recommended for all users," reads the description of iOS 14.8 for iPhone in the App Store. The Cupertino company thus responded to the complaint of the Citizen Lab of the University of Toronto, according to which the Israeli software company NSO Group has been infecting iPhone phones and other Apple devices since February.

The Israeli group has been in the eye of the storm since an international mega-investigation revealed that Pegasus software was used to spy on the phones of human rights activists, journalists and even heads of state. Spyware is installed via the iMessage instant messaging program and affects both iOS (mobile operating system), MacOS (computer) and WatchOS (watches).

Apple corregge la falla che espone gli iPhone al rischio spionaggio

Exploiting the vulnerability of the system, this spyware is installed without the user having to perform any operation and affects all versions of operating systems except those released in the last few hours. It was Citizen Lab analysts who discovered the problem by analyzing the phone of a Saudi activist that was infected with Nso Group's Pegasus spyware. Pegasus allows the perpetrator to access the activities of the infected device, but also the camera, microphone, photographs, location, text messages, emails and calls without the victim realizing it.

The Israeli company deals with cybersecurity, but its software is said to be used by several governments to gain access to the phones and other devices of journalists, activists and political rivals. In fact, experts argue that the average iPhone, iPad, and Mac user generally need not worry because such attacks tend to be limited to specific targets; but the discovery had nevertheless alarmed.

In a blog post, Apple announced the update explaining that a "maliciously created" PDF file could lead to being hacked; confirmed the problem and quoted Citizen Lab. In a subsequent note, Apple security chief Ivan Krstic praised Citizen Lab, however arguing that the threat is not such "for the vast majority of our users".

Owners of Apple devices should get an alert on their iPhones asking to update the phone's iOS software; or they can access the phone settings, click "General", then click "Software update" and activate the update directly.