Apple was compelled to fix a cybersecurity flaw exploited by the Pegasus spyware to hack iPhones, despite all precautionary measures taken, providing new evidence that no company, no matter how technologically advanced, is immune to espionage practices. This spyware, developed by the Israeli company NSO Group, managed to breach Apple devices without resorting to links or poisoned clicks, which are typically used for such activities.
The flaw was detected last week thanks to researchers from Citizen Lab, who discovered that the iPhone belonging to a Saudi activist had been compromised via Apple's iMessage. This cybersecurity research group from the University of Toronto reported that Pegasus has been exploiting this flaw "at least since February 2021." It revealed that the issue affects Apple’s photo services, targeting its operating systems for Mac computers and Apple Watch.
Ivan Krstic, head of security systems at Apple, responded to Agence France-Presse, stating that "Apple swiftly developed a solution to patch the vulnerability in iOS version 14.8 to protect users after being notified of the flaw." The American company praised Citizen Lab's efforts, pointing out that this type of attack is "highly sophisticated... costing millions of dollars, not long-lasting, and used to target specific individuals."
These attacks do not pose a threat to the vast majority of users, according to Krstic, who pledged to "continue working relentlessly to defend our customers." The update made by Apple, which has made the security of its devices a key sales attraction, reflects the growing difficulties faced by companies, including Silicon Valley giants, in countering the ever-evolving cybersecurity threats. Data theft and ransomware attacks have increased in recent months, targeting various companies and organizations. However, espionage-related hacking incidents tied to NSO come from agencies or legal authorities that use software provided by a specific company rather than from unknown criminals.
