Apple patches security flaw exploited by Israeli firm in hack
Apple Inc. said it patched a security flaw in the Messages app after security researchers determined that Israel-based NSO Group used it to “exploit and infect” the latest devices with spyware.
The flaw, disclosed Monday by Citizen Lab, allowed a hacker using NSO’s Pegasus malware to gain access to a device owned by an unnamed Saudi activist, according to security researchers. Apple said the flaw could be exploited if a user on a vulnerable device received a “maliciously crafted” PDF file.
The flaw was a “zero-day” vulnerability, a term that refers to recently discovered bugs that hackers can exploit and haven’t yet been patched. Victims didn’t have to click on the malicious file for it to infect their devices, something known as a “zero-click” exploit, according to a report released by Citizen Lab, a cyberresearch unit of the University of Toronto.
Apple is patching the bug on the iPhone, iPad, Mac, and Apple Watch via iOS 14.8, iPadOS 14.8, macOS 11.6 and watchOS 7.6.2 software updates.