Apple issues critical security update after NSO Pegasus spyware breach

Posted on September 9, 2023 by martyrashrakat

September 8, 2023

Apple cautions that iPhones and iPads could be vulnerable to actors associated with the Israeli firm NSO.

Israeli NSO group logo (AFP via Getty Images)

Apple has released a crucial security update for iPhones, addressing a zero-day vulnerability uncovered in iOS 16. This security flaw was initially detected by Citizen Lab, a research group specializing in spyware. The vulnerability has the potential to allow malicious actors to remotely install spyware on an iPhone without requiring any interaction from the device’s owner. Citizen Lab identified and promptly reported this zero-click zero-day exploit to Apple.

The exploit had previously been utilized to deploy Pegasus spyware, developed by the Israeli NSO Group. This spyware was installed on an iPhone belonging to an employee of a civil society organization based in Washington, D.C. Pegasus is engineered to infiltrate a phone and gather various forms of data, including photos, messages, audio recordings, and videos.

Simultaneously, Apple has swiftly launched iOS 16.6.1 in response to the discovery of this breach. It is imperative for iPhone users to install this update promptly, regardless of whether they are considered high-risk targets for the Israeli spyware.

The concern arises from the fact that numerous groups are willing to analyze iOS security updates meticulously in an attempt to uncover how to exploit this newfound vulnerability, thereby increasing the potential for more widespread attacks.

Citizen Lab has refrained from providing an in-depth breakdown of the vulnerability, primarily for security reasons. Nevertheless, the exploit revolves around PassKit, the framework underpinning Apple Pay and Wallet, and involves attachments containing malicious images that are delivered via iMessage.

“We expect to publish a more detailed discussion of the exploit chain in the future,” said Citizen Lab.

Over the past few years, iOS vulnerabilities have frequently garnered attention, particularly those that have been exploited by malicious actors before Apple became aware of the security flaw. To address such issues promptly, Apple has devised a Rapid Security Response system, which can apply security fixes to an iPhone without necessitating a device reboot.

Importantly, Citizen Lab points out that Apple’s Lockdown Mode can serve as a protective measure against this recent exploit. Therefore, individuals who could be potential targets for the Israeli spyware are strongly advised to activate this mode as a precaution.

A flashback

In April, a report published by the Citizen Lab at the University of Toronto revealed several advanced and complicated hacking techniques used by Pegasus spyware.

The Citizen Lab found that a month after iPhone’s iOS 16 operating system was officially released, the Israeli firm carried out attacks against phones with the updated version.

According to the report, these are Zero-Click exploit chains, where hackers may break into the phones without the user clicking on a link or downloading any malware. which enables a covert, quiet infection that is undetectable.

At the time, the Citizen Lab report delved further into the techniques employed by NSO to circumvent iPhone protections.

The researchers found that PWNYOURHOME and FINDMYPWN are the first Zero-Click exploits that capitalize on various points in the software environment where an iPhone device may be prone to cyberattacks, including physical connections such as USB ports, internet connections, and other routes hackers can use to try to breach the device.

These techniques allowed the Israeli spyware to infect even the most up-to-date iPhones with the most recent versions of Apple’s operating system.

The Citizen Lab researchers also pointed out that for a brief period of time, users who activated iOS 16’s Lockdown Mode – an increased level of protection – encountered real-time notifications of attempted device infection.

In mid-July 2022, Apple unveiled the Lockdown Mode to block or disable some features and capabilities to prevent them from being taken advantage of by spyware.

The extreme, optional mode “hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware,” Apple explained.