Toronto Star

Apple patches security flaw exploited by Israeli firm in hack


Apple Inc. said it patched a security flaw in the Messages app after security researcher­s determined that Israel-based NSO Group used it to “exploit and infect” the latest devices with spyware.

The flaw, disclosed Monday by Citizen Lab, allowed a hacker using NSO’s Pegasus malware to gain access to a device owned by an unnamed Saudi activist, according to security researcher­s. Apple said the flaw could be exploited if a user on a vulnerable device received a “maliciousl­y crafted” PDF file.

The flaw was a “zero-day” vulnerabil­ity, a term that refers to recently discovered bugs that hackers can exploit and haven’t yet been patched. Victims didn’t have to click on the malicious file for it to infect their devices, something known as a “zero-click” exploit, according to a report released by Citizen Lab, a cyberresea­rch unit of the University of Toronto.

Apple is patching the bug on the iPhone, iPad, Mac, and Apple Watch via iOS 14.8, iPadOS 14.8, macOS 11.6 and watchOS 7.6.2 software updates.

Newspapers in English

Newspapers from Canada