Apple Issues Patch After Citizen Lab Discovers NSO Group Exploit

Apple has issued a security patch over a flaw found by Citizen Lab. The exploit was reportedly used by NSO Group.

There’s been some news circulating about a major security flaw found in Apple products. The flaw affects computers, watches, and phones alike. Apple, for its part, has issued a patch. Apple and security experts alike are urging Apple customers to make sure they have installed this patch to keep their devices secure.

The flaw was discovered by Citizen Lab. From the CBC:

The flaw affected all Apple’s operating systems, the researchers said.

It was the first time a so-called “zero-click” exploit had been caught and analyzed, said the researchers, who found the malicious code on Tuesday and immediately alerted Apple. They said they had high confidence the Israeli company NSO Group was behind the attack, adding that the targeted activist asked to remain anonymous.

“We’re not necessarily attributing this attack to the Saudi government,” said researcher Bill Marczak.

Reports also indicate that the flaw was exploited by the notorious malware vendor NSO Group. From The Guardian:

The discovery, which was made as the researchers were examining the mobile phone of a Saudi activist, was shared with Apple, which on Monday released a patch to fix the vulnerability.

Researchers said the speed with which Apple was seeking to fix the vulnerability to its operating system, which in effect has allowed the latest iPhones and operating systems to be vulnerable to attack by NSO Group’s government clients, underscored the “absolute seriousness” of their findings.

“Today is going to be a rough day at NSO because the lights are going to go out on one of their most productive exploits,” said John Scott-Railton, a senior Citizen Lab researcher.

When it is successfully deployed against a target, NSO Group’s spyware, called Pegasus, can silently hack into a phone, collect a user’s personal and private information, intercept calls and messages, and even turn a mobile phone into a remote listening device.

This is part of what makes NSO Group so notorious. Normally, when an organization discovers a flaw, it alerts the company that maintains the software or device and reports the issue. Sometimes, the company is not responsive and the media has to be alerted instead. Either way, the goal is to prevent people from using vulnerable software or hardware. What NSO Group does instead is keep the exploit secret. They then craft malware around it specifically to hack devices and steal people’s personal information. Since they profit off of selling malware in the first place, their goal is to keep these exploits open to further pad their profits.

In this case, they are known to sell that malware to governments of third world countries, who can then, in turn, use that malware to target journalists and activists operating in the country. That, of course, is another major source of contention for people who know about this. Is it right to help governments further crack down on their own population for a profit? Most people would say “no”.

This latest story is yet another setback for NSO Group. Already, we’ve seen their parent company getting liquidated, the company getting kicked off of Amazon, and at least one world leader calling for an investigation into the organization after their devices turned up in a list of potential Pegasus targets. So, the problems are definitely stacking up for the organization to say the least.

In this case, this might be a bit more of a minor setback in the grand scheme of things. Only NSO Group knows how many zero-day exploits they have under wraps to target devices and apps. Still, it is one less point of entry that the company can reliably use, which is good news for everyone.

Drew Wilson on Twitter: @icecube85 and Facebook.


